diff --git a/.dir-locals.el b/.dir-locals.el new file mode 100644 index 0000000..ce4f7f2 --- /dev/null +++ b/.dir-locals.el @@ -0,0 +1 @@ +((nix-mode . ((apheleia-formatter . alejandra)))) diff --git a/.gitignore b/.gitignore index d923c2f..1fcce5c 100644 --- a/.gitignore +++ b/.gitignore @@ -41,9 +41,6 @@ flycheck_*.el # projectiles files .projectile -# directory configuration -.dir-locals.el - # network security /network-security.data diff --git a/common/users.nix b/common/users.nix index de46df6..b350882 100644 --- a/common/users.nix +++ b/common/users.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { config = { elss = { diff --git a/common/wireguard.nix b/common/wireguard.nix index ea42a4e..2241e50 100644 --- a/common/wireguard.nix +++ b/common/wireguard.nix @@ -1,13 +1,17 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { config.elss.wireguard = { - interfaces = { stelnet = { servers = { metis = { localIp = "1"; - extraIps = [ "1" "2" "142" ]; + extraIps = ["1" "2" "142"]; publicKey = "wP49t1TYXI3ucsYb8RavNGwIf+8nx5UBgDU0PM9VlnI="; endpoint = "metis.ellmauthaler.net:51820"; #TODO }; @@ -32,10 +36,10 @@ with lib; { }; prefixes = { - ipv4 = [ "192.168.244" ]; + ipv4 = ["192.168.244"]; ipv6 = { - ula = [ "fdaa:3313:9dfa:dfa3" ]; # TODO - gua = [ ]; + ula = ["fdaa:3313:9dfa:dfa3"]; # TODO + gua = []; }; serial = "2022073100"; }; diff --git a/default.nix b/default.nix index 4ed5330..24f578f 100644 --- a/default.nix +++ b/default.nix 
@@ -1,57 +1,75 @@ -{ flakes, flakeOutputs, ...}: -let - mkMachine = args: - let - name = if builtins.isString args then args else args.name; - system = if args ? system then args.system else "x86_64-linux"; - extraModules = if args ? extraModules then args.extraModules else [ ]; - extraOverlays = if args ? extraOverlays then args.extraOverlays else [ +{ + flakes, + flakeOutputs, + ... +}: let + mkMachine = args: let + name = + if builtins.isString args + then args + else args.name; + system = + if args ? system + then args.system + else "x86_64-linux"; + extraModules = + if args ? extraModules + then args.extraModules + else []; + extraOverlays = + if args ? extraOverlays + then args.extraOverlays + else [ overlay-unstable # overlay-comma ]; - pkgs = flakes.nixpkgs; - configuration = if args ? configuration then args.configuration else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;} ; - overlay-unstable = final: prev: { - unstable = import flakes.nixpkgs-unstable { - system = "${system}"; - config.allowUnfree=true; - }; - }; - - # overlay-comma = final: prev: { - # comma = flakes.comma.packages."${system}"; - # }; - in - { - inherit name; - value = pkgs.lib.nixosSystem { - inherit system; - modules = [ - configuration - { nix = { - package = pkgs.legacyPackages.${system}.nixUnstable; - nixPath= [ "nixpkgs=${pkgs}" ]; - registry.nixpkgs.flake = pkgs; - registry.nixpkgs-unstable.flake = flakes.nixpkgs-unstable; - } - ;} - ] ++ extraModules - ++ flakes.nixpkgs.lib.mapAttrsToList (_: module: module) - flakeOutputs.nixosModules; - }; + pkgs = flakes.nixpkgs; + configuration = + if args ? 
configuration + then args.configuration + else import ./baseconfiguration.nix {inherit extraOverlays system pkgs name flakes flakeOutputs;}; + overlay-unstable = final: prev: { + unstable = import flakes.nixpkgs-unstable { + system = "${system}"; + config.allowUnfree = true; }; + }; + # overlay-comma = final: prev: { + # comma = flakes.comma.packages."${system}"; + # }; + in { + inherit name; + value = pkgs.lib.nixosSystem { + inherit system; + modules = + [ + configuration + { + nix = { + package = pkgs.legacyPackages.${system}.nixUnstable; + nixPath = ["nixpkgs=${pkgs}"]; + registry.nixpkgs.flake = pkgs; + registry.nixpkgs-unstable.flake = flakes.nixpkgs-unstable; + }; + } + ] + ++ extraModules + ++ flakes.nixpkgs.lib.mapAttrsToList (_: module: module) + flakeOutputs.nixosModules; + }; + }; in -flakes.nixpkgs.lib.listToAttrs (map mkMachine [ - { - name = "stel-xps"; - extraModules = [ flakes.nixos-hardware.nixosModules.dell-xps-13-7390 flakes.home-manager.nixosModules.home-manager ]; - } - { - name = "nucturne"; - extraModules = [ flakes.home-manager.nixosModules.home-manager ]; - } - { - name = "ellmauthaler"; - extraModules = [ flakes.home-manager.nixosModules.home-manager flakes.simple-nixos-mailserver.nixosModule flakes.sops-nix.nixosModules.sops ]; - } -]) + flakes.nixpkgs.lib.listToAttrs (map mkMachine [ + { + name = "stel-xps"; + extraModules = [flakes.nixos-hardware.nixosModules.dell-xps-13-7390 flakes.home-manager.nixosModules.home-manager]; + } + { + name = "nucturne"; + extraModules = [flakes.home-manager.nixosModules.home-manager]; + } + { + name = "ellmauthaler"; + extraModules = [flakes.home-manager.nixosModules.home-manager flakes.simple-nixos-mailserver.nixosModule flakes.sops-nix.nixosModules.sops]; + } + ]) diff --git a/flake.lock b/flake.lock index 72af415..3710024 100644 --- a/flake.lock +++ b/flake.lock 
@@ -71,11 +71,11 @@ ] }, "locked": { - "lastModified": 1660762183, - "narHash": "sha256-9yMWV83YPO7AFYhs0GPRwCIedue+SoyS2dwEGoNv4ik=", + "lastModified": 1661142448, + "narHash": "sha256-MKqQWdUnbQ7UVeEXhbuASvin8d42/AhmD2fanzWXkZg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "f391425e518aae894dd95c9165140f1dda8283af", + "rev": "97a0b4e8d1bfc77f1159bad987c119394b7c2f26", "type": "github" }, "original": { @@ -275,11 +275,11 @@ }, "nixpkgs-22_05_2": { "locked": { - "lastModified": 1660410996, - "narHash": "sha256-arkfX1YYFmwMyDTCguzoOI4epABC41FGQU4J1/G3/9M=", + "lastModified": 1661009065, + "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70b6236f3cbc815f2cae8d597418c714cf83d1c8", + "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", "type": "github" }, "original": { @@ -307,11 +307,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1660646295, - "narHash": "sha256-V4G+egGRc3elXPTr7QLJ7r7yrYed0areIKDiIAlMLC8=", + "lastModified": 1660998696, + "narHash": "sha256-N5eDv9THZz5pFn7NR1swaFrAJYByfrA5gU5L7JONItA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "762b003329510ea855b4097a37511eb19c7077f0", + "rev": "13711c9ab9f5a160a44affb7a6221be53318a873", "type": "github" }, "original": { @@ -323,11 +323,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1660581366, - "narHash": "sha256-et+bi9/jlSF/pHx5AYB9ZP2XDdZEQ0vnF7xlvs4503Y=", + "lastModified": 1661009065, + "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d47bbaa26e7a771059d828eecf3bd8bf28a8b0f", + "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", "type": "github" }, "original": { 
@@ -383,11 +383,11 @@ "nixpkgs-22_05": "nixpkgs-22_05_2" }, "locked": { - "lastModified": 1660540143, - "narHash": "sha256-oqeOdJH0ey/UyG1G31BV6Lk8qjI+VKboTpTJB317OhM=", + "lastModified": 1661054796, + "narHash": "sha256-SWiWmENiim8liUNOZ1oxjc5yKb/fNpcyfSRo41bsEy0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "773365016f5202a199f5aff72cac75c64add4528", + "rev": "6068774a8e85fea4b0177efcc90afb3c3b74430b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 626373f..b94c5fd 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,6 @@ description = "Flake to define configurations of 'elss' - ellmauthaler stefan's systems"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; @@ -59,30 +58,36 @@ }; }; - outputs = { self, nixpkgs, flake-utils-plus, ... }@inputs: - let - extended-lib = nixpkgs.lib.extend - (final: prev: { - elss = (import ./lib { lib = final; }) prev; - }); - inherit (extended-lib.elss) discoverModules moduleNames discoverMachines withModules discoverTemplates; - in - flake-utils-plus.lib.mkFlake rec{ + outputs = { + self, + nixpkgs, + flake-utils-plus, + ... + } @ inputs: let + extended-lib = + nixpkgs.lib.extend + (final: prev: { + elss = (import ./lib {lib = final;}) prev; + }); + inherit (extended-lib.elss) discoverModules moduleNames discoverMachines withModules discoverTemplates; + in + flake-utils-plus.lib.mkFlake rec { inherit self inputs; - supportedSystems = [ "x86_64-linux" ]; + supportedSystems = ["x86_64-linux"]; lib = extended-lib; channelsConfig = { - allowUnfreePredicate = pkg: builtins.elem (extended-lib.getName pkg) [ - "slack" - "steam" - "steam-original" - "steam-runtime" - "skypeforlinux" - "teams" - "zoom" - ]; + allowUnfreePredicate = pkg: + builtins.elem (extended-lib.getName pkg) [ + "slack" + "steam" + "steam-original" + "steam-runtime" + "skypeforlinux" + "teams" + "zoom" + ]; }; channels.nixpkgs.overlaysBuilder = channels: [ 
@@ -97,39 +102,46 @@ hostDefaults = { system = "x86_64-linux"; channelName = "nixpkgs"; - modules = [ - inputs.home-manager.nixosModules.home-manager - inputs.sops-nix.nixosModules.sops - inputs.dwarffs.nixosModules.dwarffs - inputs.simple-nixos-mailserver.nixosModules.mailserver - ./common/wireguard.nix - ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)); + modules = + [ + inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops + inputs.dwarffs.nixosModules.dwarffs + inputs.simple-nixos-mailserver.nixosModules.mailserver + ./common/wireguard.nix + ] + ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)); specialArgs = { nixos-hardware = inputs.nixos-hardware.nixosModules; inherit inputs; }; extraArgs = { - homeConfigurations = withModules ./users + homeConfigurations = + withModules ./users ( - { name, path }: + { + name, + path, + }: #import (./users + "/${name}") - import path + import path ); }; }; - hosts = discoverMachines ./machines + hosts = + discoverMachines ./machines { - specialArgs = { lib = extended-lib; }; + specialArgs = {lib = extended-lib;}; }; nixosModules = discoverModules ./modules; - homeConfigurations = withModules ./users - (name: - let - username = extended-lib.removeSuffix ".nix" name; - in + homeConfigurations = + withModules ./users + (name: let + username = extended-lib.removeSuffix ".nix" name; + in inputs.home-manager.lib.homeManagerConfiguration { configuration = import (./users + "/${name}"); inherit username; 
@@ -143,18 +155,18 @@ pkgs = channels.nixpkgs; sops-nix = inputs.sops-nix.packages."${channels.nixpkgs.system}"; }; + formatter = channels.nixpkgs.alejandra; }; templates = discoverTemplates ./templates { - basic_tool = { + base = { description = "Basic setup of tools in nixpkgs/unstable"; welcomeText = "Change into the folder and add the wanted packages to the buildInputs"; }; - + rust = { description = "Rust development environment flake"; - welcomeText = - "Change into the folder and follow the prompt to create an automatic rust environment in this folder"; + welcomeText = "Change into the folder and follow the prompt to create an automatic rust environment in this folder"; }; jupyter = { description = "Jupyter server flake"; diff --git a/lib/default.nix b/lib/default.nix index 6a88772..20637cc 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,6 +1,6 @@ -{ lib }: - +{lib}: (lib.composeManyExtensions [ (import ./users.nix) (import ./files.nix) -]) lib +]) +lib diff --git a/lib/files.nix b/lib/files.nix index 64ec074..b96823d 100644 --- a/lib/files.nix +++ b/lib/files.nix 
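Review bot: The override key renamed from `basic_tool` to `base` only takes effect if a directory of exactly that name exists under `./templates`, because `discoverTemplates` in lib/files.nix applies an override only when `hasAttr template overrides` is true and otherwise silently falls back to the generic description. The directory rename is not visible in this diff, so it is worth confirming that `templates/base` is part of the commit. A comment above the attribute set such as `# keys must match directory names under ./templates; unmatched keys are ignored` would make that coupling explicit.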
@@ -1,26 +1,34 @@ final: prev: - with prev; rec { - moduleNames = dir: pipe dir [ - builtins.readDir - (filterAttrs - (name: type: (!hasPrefix "." name && !hasPrefix "_" name - && (hasSuffix ".nix" name || type == "directory")))) - attrNames - ]; + moduleNames = dir: + pipe dir [ + builtins.readDir + (filterAttrs + (name: type: (!hasPrefix "." name + && !hasPrefix "_" name + && (hasSuffix ".nix" name || type == "directory")))) + attrNames + ]; withModules = dir: f: listToAttrs (map - (filename: - let - path = dir + "/${filename}"; - name = removeSuffix ".nix" filename; - in - nameValuePair name (f { inherit path name; })) + (filename: let + path = dir + "/${filename}"; + name = removeSuffix ".nix" filename; + in + nameValuePair name (f {inherit path name;})) (moduleNames dir)); - discoverModules = dir: withModules dir ({ path, name }: import path); + discoverModules = dir: + withModules dir ({ + path, + name, + }: + import path); discoverMachines = dir: args: - withModules dir ({ path, name }: - { modules = [ path ]; } // args); + withModules dir ({ + path, + name, + }: + {modules = [path];} // args); discoverTemplates = dir: overrides: pipe dir [ builtins.readDir @@ -32,11 +40,11 @@ with prev; rec { path = "${dir}/${template}"; description = "a template for ${template} projects"; } - (if hasAttr template overrides then - getAttr template overrides - else - { })))) + ( + if hasAttr template overrides + then getAttr template overrides + else {} + )))) listToAttrs ]; - } diff --git a/lib/users.nix b/lib/users.nix index c4b3f1e..50f8db3 100644 --- a/lib/users.nix +++ b/lib/users.nix 
@@ -1,19 +1,16 @@ -final: prev: - -{ - withConfig = config: - - let - cfg = config.elss.users; - mapAccount = f: login: prev.nameValuePair login (f login); - mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst); - in - rec { - mapUsers = f: mapList f cfg.users; - mapAdmins = f: mapList f cfg.admins; - mapAllUsers = f: (mapUsers f) // (mapAdmins f); - mapAllUsersAndRoot = f: (mapAllUsers f) // { +final: prev: { + withConfig = config: let + cfg = config.elss.users; + mapAccount = f: login: prev.nameValuePair login (f login); + mapList = f: lst: builtins.listToAttrs (map (mapAccount f) lst); + in rec { + mapUsers = f: mapList f cfg.users; + mapAdmins = f: mapList f cfg.admins; + mapAllUsers = f: (mapUsers f) // (mapAdmins f); + mapAllUsersAndRoot = f: + (mapAllUsers f) + // { root = f "root"; }; - }; + }; } diff --git a/machines/metis/default.nix b/machines/metis/default.nix index 5f92a02..86a5e9b 100644 --- a/machines/metis/default.nix +++ b/machines/metis/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, nixos-hardware, ... }: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./hardware-configuration.nix @@ -41,12 +46,11 @@ # enable wireguard wireguard.enable = true; - # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { 
@@ -55,20 +59,24 @@ }; }; }; - fileSystems."/".options = [ "noatime" ]; + fileSystems."/".options = ["noatime"]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking = { interfaces.ens3 = { - ipv4.addresses = [{ - address = "89.58.45.113"; - prefixLength = 22; - }]; - ipv6.addresses = [{ - address = "fe80::94e0:6eff:fecd:d6cb"; - prefixLength = 64; - }]; + ipv4.addresses = [ + { + address = "89.58.45.113"; + prefixLength = 22; + } + ]; + ipv6.addresses = [ + { + address = "fe80::94e0:6eff:fecd:d6cb"; + prefixLength = 64; + } + ]; }; defaultGateway = "89.58.44.1"; defaultGateway6 = { @@ -79,9 +87,8 @@ nat = { enable = true; externalInterface = "ens3"; - internalInterfaces = [ "wg-stelnet" ]; + internalInterfaces = ["wg-stelnet"]; }; - }; system.stateVersion = "22.05"; } diff --git a/machines/metis/hardware-configuration.nix b/machines/metis/hardware-configuration.nix index bfd3a32..f89c425 100644 --- a/machines/metis/hardware-configuration.nix +++ b/machines/metis/hardware-configuration.nix 
@@ -1,33 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos-root"; - fsType = "xfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos-root"; + fsType = "xfs"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/nucturne/default.nix b/machines/nucturne/default.nix index 299bdad..da20b12 100644 --- a/machines/nucturne/default.nix +++ b/machines/nucturne/default.nix @@ -1,12 +1,16 @@ -{ config, pkgs, inputs, nixos-hardware, ...}: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./hardware-configuration.nix ./software.nix ]; - elss = { # base system base.enable = true; 
@@ -19,8 +23,10 @@ # enable X11 with lightdm and i3 graphical = { enable = true; + sway.enable = true; + i3.enable = false; # set dpi if used in mobile applications -# dpi = 180; + # dpi = 180; }; # enable deamon to generate nix-index-db @@ -36,12 +42,12 @@ # enable wireguard wireguard.enable = true; - + # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { @@ -52,15 +58,15 @@ }; boot = { - extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; + extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; - kernelModules = [ + kernelModules = [ "v4l2loopback" - ]; + ]; - plymouth.enable = true; + plymouth.enable = true; }; system.stateVersion = "21.05"; diff --git a/machines/nucturne/hardware-configuration.nix b/machines/nucturne/hardware-configuration.nix index 43d6e91..eb3c7cc 100644 --- a/machines/nucturne/hardware-configuration.nix +++ b/machines/nucturne/hardware-configuration.nix 
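Review bot: The comment `# enable X11 with lightdm and i3` above `graphical` is now wrong, since the added lines set `sway.enable = true;` and `i3.enable = false;`, and modules/graphical.nix in this commit only configures `services.xserver` and lightdm when `i3.enable` is set. I would change it to `# enable the graphical layer with sway; the X11/lightdm/i3 stack is switched off`. The same stale comment sits above the identical addition in machines/stel-xps/default.nix. The `elss.graphical.sway.enable` option is not declared in the modules/graphical.nix hunks shown here, so presumably it comes from a module outside this view; if it does not, evaluation fails on an undefined option.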
@@ -1,36 +1,40 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6"; + fsType = "ext4"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/9ebd7aff-629b-449b-83d8-6381a04eb708"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/DE6D-C383"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/DE6D-C383"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";} + ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; # high-resolution display diff --git a/machines/nucturne/software.nix b/machines/nucturne/software.nix index b4c1a17..e3bc39f 100644 --- a/machines/nucturne/software.nix +++ b/machines/nucturne/software.nix 
@@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ libreoffice-fresh onlyoffice-bin diff --git a/machines/stel-xps/default.nix b/machines/stel-xps/default.nix index 1ebcf26..dca968b 100644 --- a/machines/stel-xps/default.nix +++ b/machines/stel-xps/default.nix @@ -1,5 +1,10 @@ -{ config, pkgs, inputs, nixos-hardware, ... }: { + config, + pkgs, + inputs, + nixos-hardware, + ... +}: { imports = [ ../../common/users.nix ./printer.nix @@ -20,6 +25,8 @@ # enable X11 with lightdm and i3 graphical = { enable = true; + sway.enable = true; + i3.enable = false; # set dpi if used in mobile applications # dpi = 180; }; @@ -41,8 +48,8 @@ # user setup users = { enable = true; - admins = [ "ellmau" ]; - users = [ ]; + admins = ["ellmau"]; + users = []; meta = { ellmau.git = { diff --git a/machines/stel-xps/hardware-configuration.nix b/machines/stel-xps/hardware-configuration.nix index 7bc3363..6835325 100644 --- a/machines/stel-xps/hardware-configuration.nix +++ b/machines/stel-xps/hardware-configuration.nix 
@@ -1,33 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674"; + fsType = "ext4"; + }; boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/39E0-047B"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/39E0-047B"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";} + ]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; # high-resolution display diff --git a/machines/stel-xps/printer.nix b/machines/stel-xps/printer.nix index 2c7cc6d..aad30bf 100644 --- a/machines/stel-xps/printer.nix +++ b/machines/stel-xps/printer.nix 
@@ -1,29 +1,32 @@ -{ config, pkgs, ...}: - -let +{ + config, + pkgs, + ... +}: let ppd-local = pkgs.stdenv.mkDerivation rec { pname = "local-ppds"; version = "2021-07-04"; src = ./ppds; - phases = [ "unpackPhase" "installPhase" ]; + phases = ["unpackPhase" "installPhase"]; installPhase = '' - mkdir -p $out/share/cups/model/ - cp -R Ricoh $out/share/cups/model - ''; + mkdir -p $out/share/cups/model/ + cp -R Ricoh $out/share/cups/model + ''; }; -in -{ - services.printing.drivers = with pkgs; [ - foomatic-filters - gutenprint - hplip - ] ++ [ - ppd-local - ]; - +in { + services.printing.drivers = with pkgs; + [ + foomatic-filters + gutenprint + hplip + ] + ++ [ + ppd-local + ]; + hardware.printers.ensurePrinters = [ { name = "hpm605"; diff --git a/machines/stel-xps/software.nix b/machines/stel-xps/software.nix index be0ebc8..ae005c0 100644 --- a/machines/stel-xps/software.nix +++ b/machines/stel-xps/software.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs; [ brightnessctl libreoffice-fresh diff --git a/modules/aspell.nix b/modules/aspell.nix index 63d2e05..54e5dec 100644 --- a/modules/aspell.nix +++ b/modules/aspell.nix @@ -1,6 +1,9 @@ -{ config, pkgs, lib, ... }: - -let +{ + config, + pkgs, + lib, + ... +}: let aspellConf = '' data-dir /run/current-system/sw/lib/aspell dict-dir /run/current-system/sw/lib/aspell @@ -8,12 +11,12 @@ let extra-dicts en-computers.rws add-extra-dicts en_GB-science.rws ''; -in -{ +in { options.elss.programs.aspell.enable = lib.mkEnableOption "setup aspell"; config = lib.mkIf config.elss.programs.aspell.enable { - environment.systemPackages = [ pkgs.aspell ] - ++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]); + environment.systemPackages = + [pkgs.aspell] + ++ (with pkgs.aspellDicts; [de en sv en-computers en-science]); }; } diff --git a/modules/base.nix b/modules/base.nix index 1c44966..8abf5f0 100644 --- a/modules/base.nix +++ b/modules/base.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss = { base.enable = mkEnableOption "Set the base configuration for the system"; @@ -14,7 +19,7 @@ with lib; { services = { dbus = { enable = true; - packages = with pkgs; [ dconf ]; + packages = with pkgs; [dconf]; }; }; diff --git a/modules/communication.nix b/modules/communication.nix index c8513a8..0162021 100644 --- a/modules/communication.nix +++ b/modules/communication.nix @@ -1,13 +1,17 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.programs.communication.enable = mkEnableOption "enable the basic graphical communication tools"; - config = - let - cfg = config.elss.programs.communication; - in + config = let + cfg = config.elss.programs.communication; + in mkIf cfg.enable { - elss.graphical.enable = true; + # elss.graphical.enable = true; environment.systemPackages = with pkgs; [ element-desktop jitsi-meet-electron diff --git a/modules/emacs/default.el b/modules/emacs/default.el index 2a3f21c..035d519 100644 --- a/modules/emacs/default.el +++ b/modules/emacs/default.el @@ -577,6 +577,30 @@ "/=" ":::" ">=>" "->>" "<=>" "<=<" "<->")) (global-ligature-mode t)) +;; apheleia +(use-package apheleia + :defer t + :diminish apheleia-mode + :custom + (apheleia-formatters + `((alejandra "alejandra") + (black "black" "-") + (brittany "brittany") + (clang-format "clang-format") + (fish-indent . ("fish_indent")) + (gofmt . ("gofmt")) + (google-java-format . ("google-java-format" "-")) + (isort . ("isort" "-")) + ;(latexindent . ("latexindent" "--logfile=/dev/null")) + (mix-format . ("mix" "format" "-")) + (nixfmt . ("nixfmt")) + (rustfmt . ("rustfmt" "--quiet" "--emit" "stdout")) + (terraform . ("terraform" "fmt" "-")))) + :preface + (diminish 'apheleia-mode) + :init + (apheleia-global-mode t)) + (custom-set-faces ;; custom-set-faces was added by Custom. ;; If you edit it by hand, you could mess it up, so be careful. 
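Review bot: Commenting out `elss.graphical.enable = true;` in modules/communication.nix leaves dead code and silently drops the guarantee that a host enabling `elss.programs.communication` also gets a graphical session, so the GUI clients listed below it can end up on a machine with no display stack. Either delete the line or replace it with an explicit check, e.g. `assertions = [{ assertion = config.elss.graphical.enable; message = "elss.programs.communication needs elss.graphical.enable"; }];`. The `mkIf cfg.enable` block continues past the end of the hunk. The same commented-out-instead-of-removed pattern appears at `#pulseaudio.enable = true;` in modules/graphical.nix, where `sound.enable = true;` stays but no replacement sound server is visible in the diff.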
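Review bot: `(apheleia-global-mode t)` in `:init` turns on format-on-save for every buffer whose mode has a formatter, so each save spawns `black`, `terraform`, `mix format` and the rest as resolved from whatever `exec-path` is active for that buffer. In a checkout you do not fully trust that matters, because the lookup follows the buffer's environment (the direnv package is installed alongside, so presumably a project `.envrc` can change it) and several of these tools read project-local configuration. Limiting the mode to the languages you actually want, e.g. `:hook ((nix-mode rustic-mode) . apheleia-mode)` in place of the `:init` form, keeps the behaviour opt-in. Separately, `:defer t` is cancelled by calling the mode in `:init`, and `(diminish 'apheleia-mode)` in `:preface` repeats what `:diminish apheleia-mode` already does.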
diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix
index 990a74c..c1ef1ea 100644
--- a/modules/emacs/default.nix
+++ b/modules/emacs/default.nix
@@ -1,97 +1,106 @@ -{ config, lib, pkgs, ... }: -with lib; -let +{ + config, + lib, + pkgs, + ... +}: +with lib; let defaultEl = ./default.el; - environment.systemPackages = [ pkgs.gdb ]; # use gdb for dap-mode + environment.systemPackages = [pkgs.gdb]; # use gdb for dap-mode - defaultConfig = pkgs.runCommand "default.el" { } '' - mkdir -p $out/share/emacs/site-lisp - cp ${defaultEl} $out/share/emacs/site-lisp/default.el + defaultConfig = pkgs.runCommand "default.el" {} '' + mkdir -p $out/share/emacs/site-lisp + cp ${defaultEl} $out/share/emacs/site-lisp/default.el ''; - emacsPackage = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages - (epkgs: - let - lpkgs = import ./packages.nix { - inherit config lib pkgs epkgs; - }; - in + emacsPackage = + (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages + (epkgs: let + lpkgs = import ./packages.nix { + inherit config lib pkgs epkgs; + }; + in #[ (defaultConfig lpkgs) ] ++ (with pkgs; [ # aspell # emacs-all-the-icons-fonts # gnupg # nixpkgs-fmt #]) - [(defaultConfig)] ++ - [(with epkgs.elpaPackages; [ - auctex - org - flymake - ])] - ++ (with epkgs.melpaStablePackages; [ ]) ++ (with epkgs.melpaPackages; [ - ac-helm - academic-phrases - add-hooks - alert - all-the-icons - all-the-icons-dired - beacon - bln-mode - cargo-mode - company - company-auctex - company-bibtex - company-flx - company-quickhelp - company-reftex - cov - dap-mode - diminish - direnv - dockerfile-mode - docker-compose-mode - flycheck - free-keys - highlight-indentation - helm - #helm-bbdb - helm-company - helm-flx - helm-descbinds - helm-lsp - helm-projectile - helm-rg - json-mode - less-css-mode - lsp-mode - lsp-ui - magit - moe-theme - multiple-cursors - nix-mode - nixpkgs-fmt - org-bullets - org-roam - #org-roam-server - pasp-mode - pdf-tools - projectile - projectile-ripgrep - rustic - spacemacs-theme - solarized-theme - sparql-mode - sudo-edit - use-package - #vscode-dark-plus-theme - yaml-mode - yasnippet - #zenburn-theme - ] ++ (with lpkgs; [ - 
org-roam-ui - ligatures - ]))); -in -{ + [defaultConfig] + ++ [ + (with epkgs.elpaPackages; [ + auctex + org + flymake + ]) + ] + ++ (with epkgs.melpaStablePackages; []) + ++ (with epkgs.melpaPackages; + [ + ac-helm + academic-phrases + add-hooks + alert + all-the-icons + all-the-icons-dired + apheleia + beacon + bln-mode + cargo-mode + company + company-auctex + company-bibtex + company-flx + company-quickhelp + company-reftex + cov + dap-mode + diminish + direnv + dockerfile-mode + docker-compose-mode + flycheck + free-keys + highlight-indentation + helm + #helm-bbdb + helm-company + helm-flx + helm-descbinds + helm-lsp + helm-projectile + helm-rg + json-mode + less-css-mode + lsp-mode + lsp-ui + magit + moe-theme + multiple-cursors + nix-mode + nixpkgs-fmt + org-bullets + org-roam + #org-roam-server + pasp-mode + pdf-tools + projectile + projectile-ripgrep + rustic + spacemacs-theme + solarized-theme + sparql-mode + sudo-edit + use-package + #vscode-dark-plus-theme + yaml-mode + yasnippet + #zenburn-theme + ] + ++ (with lpkgs; [ + org-roam-ui + ligatures + ]))); +in { options.elss.programs.emacs.enable = mkEnableOption "Setup emacs package and install it"; config = mkIf config.elss.programs.emacs.enable { services.emacs = { diff --git a/modules/emacs/packages.nix b/modules/emacs/packages.nix index cbb6946..c5827af 100644 --- a/modules/emacs/packages.nix +++ b/modules/emacs/packages.nix 
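Review bot: `environment.systemPackages = [pkgs.gdb]; # use gdb for dap-mode` sits inside the `let` block of modules/emacs/default.nix, so it only defines a local attribute set named `environment` that nothing reads, and gdb is never added to the system profile. It needs to move into the module's `config = mkIf config.elss.programs.emacs.enable { … }` body, which starts on the last lines of this hunk and continues outside it. The hunk also adds `apheleia` to the package list, but none of the formatter executables named in default.el (`alejandra`, `black`, `rustfmt`, …) are added here; unless they are installed elsewhere, format-on-save will not find them, so `environment.systemPackages = [pkgs.gdb pkgs.alejandra];` inside `config` would cover both gdb and Nix buffers.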
@@ -1,30 +1,35 @@ -{ config, lib, pkgs, epkgs, ...}: -let +{ + config, + lib, + pkgs, + epkgs, + ... +}: let in -with epkgs; rec{ - org-roam-ui = trivialBuild{ - pname = "org-roam-ui"; - version = "2021-10-06"; - src = pkgs.fetchFromGitHub { - owner = "org-roam"; - repo = "org-roam-ui"; - rev = "bae6487afd5e6eec9f04b38b235bbac24042ca62"; - sha256 = "14dbdvxf1l0dwbhc0ap3wr3ffafy4cxmwc9b7gm0gzzmcxvszisc"; + with epkgs; rec { + org-roam-ui = trivialBuild { + pname = "org-roam-ui"; + version = "2021-10-06"; + src = pkgs.fetchFromGitHub { + owner = "org-roam"; + repo = "org-roam-ui"; + rev = "bae6487afd5e6eec9f04b38b235bbac24042ca62"; + sha256 = "14dbdvxf1l0dwbhc0ap3wr3ffafy4cxmwc9b7gm0gzzmcxvszisc"; + }; + packageRequires = [f websocket org-roam simple-httpd]; + postInstall = '' + cp -r out $out/share/emacs/site-lisp + ''; }; - packageRequires = [ f websocket org-roam simple-httpd ]; - postInstall = '' - cp -r out $out/share/emacs/site-lisp - ''; - }; - ligatures = trivialBuild { - pname = "ligatures"; - version = "unstable-2021-08-27"; - src = pkgs.fetchFromGitHub { - owner = "mickeynp"; - repo = "ligature.el"; - rev = "d3426509cc5436a12484d91e48abd7b62429b7ef"; - sha256 = "baFDkfQLM2MYW2QhMpPnOMSfsLlcp9fO5xfyioZzOqg="; + ligatures = trivialBuild { + pname = "ligatures"; + version = "unstable-2021-08-27"; + src = pkgs.fetchFromGitHub { + owner = "mickeynp"; + repo = "ligature.el"; + rev = "d3426509cc5436a12484d91e48abd7b62429b7ef"; + sha256 = "baFDkfQLM2MYW2QhMpPnOMSfsLlcp9fO5xfyioZzOqg="; + }; }; - }; -} + } diff --git a/modules/graphical.nix b/modules/graphical.nix index 5adb093..b22da85 100644 --- a/modules/graphical.nix +++ b/modules/graphical.nix @@ -1,7 +1,12 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.graphical = { - enable = mkEnableOption "configure i3-based graphical layer"; + enable = mkEnableOption "configure graphical layer"; greeterCursorsize = mkOption { type = types.int; default = 16; 
@@ -16,19 +21,22 @@ with lib; { DPI setting for the xserver ''; }; + i3.enable = mkEnableOption "enable i3"; }; - config = - let - cfg = config.elss.graphical; - #cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; - #xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; - in + config = let + cfg = config.elss.graphical; + #cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; + #xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; + in mkIf cfg.enable { - elss.users.x11.enable = true; + elss.users.x11.enable = + if cfg.i3.enable + then true + else false; elss.networking.useNetworkManager = true; services = { - xserver = { + xserver = mkIf cfg.i3.enable { enable = true; dpi = cfg.dpi; displayManager.lightdm = { @@ -59,7 +67,7 @@ with lib; { sound.enable = true; hardware = { - pulseaudio.enable = true; + #pulseaudio.enable = true; bluetooth.enable = true; }; @@ -68,6 +76,7 @@ with lib; { environment.systemPackages = with pkgs; [ firefox thunderbird # v102 has various starting time issues - so back to stable + ungoogled-chromium okular texlive.combined.scheme-full usbutils @@ -75,6 +84,5 @@ with lib; { libsecret arandr ]; - }; } diff --git a/modules/locale.nix b/modules/locale.nix index 3599f2b..895bfaf 100644 --- a/modules/locale.nix +++ b/modules/locale.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.locale.enable = mkEnableOption "setup default locale and font-handling"; @@ -21,7 +26,7 @@ with lib; { noto-fonts-extra roboto roboto-mono - (nerdfonts.override { fonts = [ "Hasklig" ]; }) + (nerdfonts.override {fonts = ["Hasklig"];}) material-icons weather-icons xits-math diff --git a/modules/network-manager/default.nix b/modules/network-manager/default.nix index ae208be..e16a5e8 100644 --- a/modules/network-manager/default.nix +++ b/modules/network-manager/default.nix 
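Review bot: In the new `elss.users.x11.enable` assignment the `if cfg.i3.enable then true else false` wrapper is redundant, since the condition is already the boolean being assigned; `elss.users.x11.enable = cfg.i3.enable;` says the same thing. The description passed for `i3.enable` ("enable i3") will likely render as "Whether to enable enable i3." because `mkEnableOption` prefixes its argument, so `i3.enable = mkEnableOption "i3";` reads better. The `config` block continues past the end of this hunk.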
@@ -1,27 +1,30 @@ -{ config, pkgs, lib, ...}: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.networking.useNetworkManager = mkEnableOption "enable networkmanager"; - config = - let - connections = [ - "tartaros" - "eduroam" - ]; + config = let + connections = [ + "tartaros" + "eduroam" + ]; - mkSopsSecrets = connection: { - "${connection}" = { - sopsFile = ../../secrets/networks.yaml; - path = "/run/NetworkManager/system-connections/${connection}.nmconnection"; - }; + mkSopsSecrets = connection: { + "${connection}" = { + sopsFile = ../../secrets/networks.yaml; + path = "/run/NetworkManager/system-connections/${connection}.nmconnection"; + }; + }; + in + mkIf config.elss.networking.useNetworkManager { + networking.networkmanager = { + enable = true; }; - in - mkIf config.elss.networking.useNetworkManager { - networking.networkmanager = { - enable = true; - }; - sops.secrets = mkMerge (map mkSopsSecrets connections); - }; + sops.secrets = mkMerge (map mkSopsSecrets connections); + }; } - diff --git a/modules/nix-index-db.nix b/modules/nix-index-db.nix index 80f23eb..3eb2846 100644 --- a/modules/nix-index-db.nix +++ b/modules/nix-index-db.nix 
@@ -1,22 +1,25 @@ -{ config, pkgs, lib, ... }: - +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.nix-index-db-update.enable = mkEnableOption "periodically update the nix-index database"; - config = - let - cfg = config.elss.nix-index-db-update; - nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" '' - set -euo pipefail + config = let + cfg = config.elss.nix-index-db-update; + nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" '' + set -euo pipefail - filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)" - cd /var/db/nix-index/ - ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename - ${pkgs.coreutils}/bin/ln -f $filename files - ''; - inherit (lib.elss.withConfig config) mapAllUsers; - in + filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)" + cd /var/db/nix-index/ + ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename + ${pkgs.coreutils}/bin/ln -f $filename files + ''; + inherit (lib.elss.withConfig config) mapAllUsers; + in mkIf cfg.enable { systemd = { services.nix-index-db-update = { @@ -44,14 +47,13 @@ with lib; { Persistent = true; }; - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; }; }; - home-manager.users = mapAllUsers (_: - { config, ... }: { - home.file.".cache/nix-index".source = - config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/"; - }); + home-manager.users = mapAllUsers (_: {config, ...}: { + home.file.".cache/nix-index".source = + config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/"; + }); }; } diff --git a/modules/nix.nix b/modules/nix.nix index 160d549..2c0a434 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,6 +1,8 @@ -{ pkgs, config, ... }: - { + pkgs, + config, + ... +}: { config = { nix = { useSandbox = true; 
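Review bot: The update script fetches `releases/latest/download/$filename` and hard-links the result as `files` with no integrity check, so whatever that URL serves is what every user's `~/.cache/nix-index` (symlinked to `/var/db/nix-index/` in the next hunk) ends up reading. Consider pinning the database through a flake input, or verifying a checksum before the `ln -f` if upstream publishes one. At minimum, record the trust decision next to the `wget` line, e.g. `# unauthenticated beyond TLS; tracks upstream 'latest'`. `$filename` is also unquoted in both the `wget` and `ln` calls; `"$filename"` is the safer habit even though the value is built locally. The systemd service that runs this script is defined outside the hunk, so its user and sandboxing cannot be judged from here.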
@@ -10,7 +12,7 @@ linkInputs = true; autoOptimiseStore = true; - trustedUsers = [ "root" ] ++ config.elss.users.admins; + trustedUsers = ["root"] ++ config.elss.users.admins; # Enable flakes # Free up to 50 GiB whenever there is less than 10 GiB left. diff --git a/modules/obs-studio.nix b/modules/obs-studio.nix index 028691b..1877c42 100644 --- a/modules/obs-studio.nix +++ b/modules/obs-studio.nix @@ -1,6 +1,10 @@ -{ config, pkgs, lib, ...}: -with lib; { + config, + pkgs, + lib, + ... +}: +with lib; { options.elss.programs.obsstudio.enable = mkEnableOption "install obs-studio"; config = mkIf config.elss.programs.obsstudio.enable { environment.systemPackages = with pkgs; [ diff --git a/modules/openvpn/default.nix b/modules/openvpn/default.nix index 77e47fb..908747a 100644 --- a/modules/openvpn/default.nix +++ b/modules/openvpn/default.nix @@ -1,14 +1,18 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.openvpn.enable = mkEnableOption "Setup TUD openvpn"; - config = - let - cfg = config.elss.openvpn; - in - mkIf cfg.enable { - services.openvpn.servers.TUD = { - config = "config config/TUD.ovpn"; - autoStart = false; - }; + config = let + cfg = config.elss.openvpn; + in + mkIf cfg.enable { + services.openvpn.servers.TUD = { + config = "config config/TUD.ovpn"; + autoStart = false; }; + }; } diff --git a/modules/python.nix b/modules/python.nix index 68c9f3c..398b4f1 100644 --- a/modules/python.nix +++ b/modules/python.nix 
@@ -1,16 +1,21 @@ -{ config, lib, pkgs, ... }: -with pkgs; with lib; -let - my-python-packages = python-packages: with python-packages; [ - pandas - requests - # other python packages you want - ]; - python-with-my-packages = python3.withPackages my-python-packages; -in { + config, + lib, + pkgs, + ... +}: +with pkgs; +with lib; let + my-python-packages = python-packages: + with python-packages; [ + pandas + requests + # other python packages you want + ]; + python-with-my-packages = python3.withPackages my-python-packages; +in { options.elss.programs.python.enable = mkEnableOption "install python 3"; config = mkIf config.elss.programs.python.enable { - environment.systemPackages = [ python-with-my-packages ]; + environment.systemPackages = [python-with-my-packages]; }; } diff --git a/modules/secrets.nix b/modules/secrets.nix index 3985ecb..da3d8a6 100644 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -1,16 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.sops.enable = mkEnableOption "Use sops config"; - config = - let - cfg = config.elss.sops; - in + config = let + cfg = config.elss.sops; + in mkIf cfg.enable { sops = { defaultSopsFile = ../secrets/secrets.yaml; secrets.example_key.format = "yaml"; - }; }; } diff --git a/modules/server/acme.nix b/modules/server/acme.nix index 167af6e..e993e5e 100644 --- a/modules/server/acme.nix +++ b/modules/server/acme.nix @@ -1,15 +1,17 @@ -{ config, lib, pkgs, ... }: -with lib;{ - config = - let - cfg = config.elss.server; - staging = config.elss.server.acme.staging; - in +{ + config, + lib, + pkgs, + ... +}: +with lib; { + config = let + cfg = config.elss.server; + staging = config.elss.server.acme.staging; + in mkIf cfg.enable { security.acme = { defaults = { - - server = mkIf staging "https://acme-staging-v02.api.letsencrypt.org/directory"; email = "stefan.ellmauthaler@gmail.com"; # Do not use ellmauthaler.net as the mail server will be covered by acme }; 
diff --git a/modules/server/default.nix b/modules/server/default.nix index d4c348a..b079b55 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.server = { acme.staging = mkEnableOption "Whether to use the staging or the default server for acme"; @@ -8,7 +13,6 @@ with lib; { nextcloud.enable = mkEnableOption "Set up nextcloud"; smailserver.enable = mkEnableOption "Set up simple mail server"; unbound.enable = mkEnableOption "Set unbound dns up"; - }; imports = [ @@ -20,10 +24,9 @@ with lib; { ./unbound.nix ]; - config = - let - cfg = config.elss.server; - in + config = let + cfg = config.elss.server; + in mkIf cfg.enable { elss.server = { nginx.enable = mkDefault true; diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix index 904ff64..108fbdd 100644 --- a/modules/server/nextcloud.nix +++ b/modules/server/nextcloud.nix @@ -1,9 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.nextcloud; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.nextcloud; + in mkIf cfg.enable { elss.server.sql.enable = mkDefault true; services.nextcloud = { @@ -27,8 +31,8 @@ with lib;{ }; systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" ]; - after = [ "postrgresql.service" ]; + requires = ["postgresql.service"]; + after = ["postrgresql.service"]; }; sops.secrets = { storemin = { diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix index ae745d9..2d9e711 100644 --- a/modules/server/nginx.nix +++ b/modules/server/nginx.nix 
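Review bot: The reformatted `after = ["postrgresql.service"];` line in `systemd.services."nextcloud-setup"` keeps the misspelled unit name, so the ordering dependency points at a unit that presumably does not exist. The service is then tied to PostgreSQL only through `requires`, which does not by itself order start-up. It should read `after = ["postgresql.service"];` to match the `requires` line above it. The enclosing `mkIf cfg.enable` block starts and ends outside this hunk.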
@@ -1,12 +1,16 @@ -{ config, lib, pkgs, ... }: -with lib;{ - config = - let - cfg = config.elss.server.nginx; - in +{ + config, + lib, + pkgs, + ... +}: +with lib; { + config = let + cfg = config.elss.server.nginx; + in mkIf cfg.enable { services.nginx.enable = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; services.nginx.virtualHosts."localhost" = { addSSL = false; enableACME = false; diff --git a/modules/server/smailserver.nix b/modules/server/smailserver.nix index 1999625..2cfc7d2 100644 --- a/modules/server/smailserver.nix +++ b/modules/server/smailserver.nix @@ -1,19 +1,23 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.smailserver; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.smailserver; + in mkIf cfg.enable { mailserver = { enable = true; fqdn = "mail.ellmauthaler.net"; sendingFqdn = "ellmauthaler.net"; - domains = [ "ellmauthaler.net" ]; + domains = ["ellmauthaler.net"]; loginAccounts = { "ellmau@ellmauthaler.net" = { - aliases = [ "stefan@ellmauthaler.net" "postmaster@ellmauthaler.net" "abuse@ellmauthaler.net" ]; + aliases = ["stefan@ellmauthaler.net" "postmaster@ellmauthaler.net" "abuse@ellmauthaler.net"]; hashedPasswordFile = config.sops.secrets.ellmauMail.path; }; @@ -23,7 +27,7 @@ with lib;{ }; localDnsResolver = false; - + # use ACME certificateScheme = 3; }; diff --git a/modules/server/sql.nix b/modules/server/sql.nix index b78526f..abea98e 100644 --- a/modules/server/sql.nix +++ b/modules/server/sql.nix 
@@ -1,18 +1,24 @@ -{ config, pkgs, lib, ... }: -with lib;{ - config = - let - cfg = config.elss.server.sql; - in +{ + config, + pkgs, + lib, + ... +}: +with lib; { + config = let + cfg = config.elss.server.sql; + in mkIf cfg.enable { services.postgresql = { enable = true; package = pkgs.postgresql_14; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [{ - name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; - }]; + ensureDatabases = ["nextcloud"]; + ensureUsers = [ + { + name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; }; }; } diff --git a/modules/server/unbound.nix b/modules/server/unbound.nix index a57cb27..8b17c72 100644 --- a/modules/server/unbound.nix +++ b/modules/server/unbound.nix @@ -1,16 +1,20 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { - config = - let - cfg = config.elss.server.unbound; - in + config = let + cfg = config.elss.server.unbound; + in mkIf cfg.enable { services = { resolved = { enable = true; dnssec = "true"; llmnr = "true"; - fallbackDns = [ "127.0.0.1" "::1" ]; + fallbackDns = ["127.0.0.1" "::1"]; extraConfig = '' DNS = 127.0.0.1 ::1 Domains = ~. @@ -18,13 +22,12 @@ with lib; { }; unbound = { enable = true; - settings.server.interface = [ "127.0.0.0" "::1" ]; - settings.server.access-control = [ "192.168.244.0/24 allow" "fdaa:3313:9dfa:dfa3::/64 allow" ]; + settings.server.interface = ["127.0.0.0" "::1"]; + settings.server.access-control = ["192.168.244.0/24 allow" "fdaa:3313:9dfa:dfa3::/64 allow"]; }; - }; networking = { - nameservers = [ "127.0.0.1" "::1"]; + nameservers = ["127.0.0.1" "::1"]; resolvconf.useLocalResolver = true; }; }; diff --git a/modules/ssh.nix b/modules/ssh.nix index 85899ed..a9ba863 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix 
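Review bot: In `modules/server/unbound.nix`, `llmnr = "true"` is kept in `services.resolved` on a host configured as a server, which leaves it sending and answering link-local multicast name queries that any machine on the same segment can spoof. Unless something on this host depends on LLMNR, `llmnr = "false";` is the safer setting next to `dnssec = "true"`; if it is needed, a one-line comment saying why would help the next reader. The `services` block continues into the following hunk.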
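Review bot: `settings.server.interface = ["127.0.0.0" "::1"];` looks like a typo for `127.0.0.1`. The resolved `DNS =` and `fallbackDns` entries and `networking.nameservers` all point at `127.0.0.1`, so IPv4 queries would presumably not reach an unbound instance bound to `127.0.0.0`. Suggested line: `settings.server.interface = ["127.0.0.1" "::1"];`. It is also worth confirming the intent of `access-control`: it allows the WireGuard prefixes, but with only loopback listen addresses those clients cannot reach the resolver at all.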
@@ -1,16 +1,20 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.sshd.enable = mkEnableOption "Set up sshd"; - config = - let - cfg = config.elss.sshd; - in - mkIf cfg.enable { - services.openssh = { - enable = true; - passwordAuthentication = false; - permitRootLogin = "no"; - }; + config = let + cfg = config.elss.sshd; + in + mkIf cfg.enable { + services.openssh = { + enable = true; + passwordAuthentication = false; + permitRootLogin = "no"; }; + }; } diff --git a/modules/steam-run.nix b/modules/steam-run.nix index 499b0f6..a60fbb4 100644 --- a/modules/steam-run.nix +++ b/modules/steam-run.nix @@ -1,15 +1,18 @@ -{ config, lib, pkgs, ... }: - +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.steam-run.enable = mkEnableOption "configure steam-run to support unpatched binaries"; - config = - let - cfg = config.elss.steam-run; - in + config = let + cfg = config.elss.steam-run; + in mkIf cfg.enable { environment.systemPackages = [ - (pkgs.unstable.steam.override { withJava = true; }).run + (pkgs.unstable.steam.override {withJava = true;}).run ]; }; } diff --git a/modules/sway.nix b/modules/sway.nix new file mode 100644 index 0000000..2d091b7 --- /dev/null +++ b/modules/sway.nix 
@@ -0,0 +1,84 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; { + options.elss.graphical.sway.enable = mkEnableOption "Use sway"; + config = let + cfg = config.elss.graphical.sway; + in + mkIf cfg.enable { + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + # xdg-desktop-portal works by exposing a series of D-Bus interfaces + # known as portals under a well-known name + # (org.freedesktop.portal.Desktop) and object path + # (/org/freedesktop/portal/desktop). + # The portal interfaces include APIs for file access, opening URIs, + # printing and others. + services.dbus.enable = true; + xdg.portal = { + enable = true; + wlr.enable = true; + # gtk portal needed to make gtk apps happy + extraPortals = [ + pkgs.xdg-desktop-portal-gtk + pkgs.xdg-desktop-portal-wlr + ]; + gtkUsePortal = true; + }; + + # enable sway window manager + programs = { + sway = { + enable = true; + extraPackages = with pkgs; [ + rofi + swaylock + swayidle + waybar + ]; + wrapperFeatures = { + base = true; + gtk = true; + }; + }; + + nm-applet = { + enable = true; + indicator = true; + }; + }; + + # greetd login manager + services.greetd = { + enable = true; + package = pkgs.greetd.tuigreet; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway; swaymsg exit"; + }; + }; + }; + + security.pam.services.greetd = { + enableGnomeKeyring = true; + gnupg.enable = true; + }; + + environment.systemPackages = with pkgs; [ + gnome3.adwaita-icon-theme + wl-clipboard + wl-mirror + networkmanagerapplet + pavucontrol + pamixer + ]; + }; +} diff --git a/modules/texlive.nix b/modules/texlive.nix index 6a67e59..b54fcd5 100644 --- a/modules/texlive.nix +++ b/modules/texlive.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; { options.elss.texlive = { enable = mkEnableOption "configure texlife on the system"; 
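Review bot: The greetd `command` ends in `; swaymsg exit`, which belongs to the setup where the greeter runs inside its own sway instance; here tuigreet is started directly on the console. Depending on how greetd invokes the string, the trailing part is either never reached or runs with no sway socket to talk to, so it is dead at best and a confusing failure at worst. Suggested line: `command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";`. Separately, `extraPortals` lists `pkgs.xdg-desktop-portal-wlr` although `wlr.enable = true` is already set, which is presumably redundant.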
@@ -8,17 +13,16 @@ with lib; { default = pkgs.texlive.combined.scheme-full; description = '' This option specifies which texlive package shall be installed - ''; + ''; }; }; - config = - let - cfg = config.elss.texlive; - in - mkIf cfg.enable { - environment.systemPackages = [ - cfg.package - ]; - }; + config = let + cfg = config.elss.texlive; + in + mkIf cfg.enable { + environment.systemPackages = [ + cfg.package + ]; + }; } diff --git a/modules/users.nix b/modules/users.nix index e95766d..04f4754 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,5 +1,10 @@ -{ config, pkgs, lib, homeConfigurations, ... }: - +{ + config, + pkgs, + lib, + homeConfigurations, + ... +}: with lib; { options.elss.users = { enable = mkEnableOption "elss specific user configuration"; @@ -15,14 +20,16 @@ with lib; { type = types.listOf types.str; }; meta = mkOption { - type = types.attrsOf + type = + types.attrsOf (types.submodule { options = { description = mkOption { type = types.str; description = "full name of the user"; }; - hashedPassword = mkOption + hashedPassword = + mkOption { type = types.str; default = null; 
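Review bot: In `modules/users.nix`, `hashedPassword` is declared with `type = types.str` but `default = null`, and null is not a string, so the default cannot satisfy its own type. The "No admin without password" assertion in a later hunk only tests `hash != ""`, so a null value would not be rejected there either. Declare the option as `type = types.nullOr types.str;` and tighten the check to `all (hash: hash != null && hash != "")`, so an admin without a usable password fails with the intended message rather than a type error or a locked account. The option declaration continues past the end of this hunk.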
@@ -38,146 +45,142 @@ with lib; { }; git = mkOption { type = types.submodule { - options = { - key = mkOption { - type = types.str; - example = "0xBEEE1234"; - default = "C804A9C1B7AF8256"; - description = "Signkey for git commits"; - }; - gpgsm = mkOption { - type = types.bool; - default = false; - description = "Whether to use gpgsm for commit signatures"; - }; - signDefault = mkOption { - type = types.bool; - default = false; - description = "Whether to force signing commits or not"; - }; + options = { + key = mkOption { + type = types.str; + example = "0xBEEE1234"; + default = "C804A9C1B7AF8256"; + description = "Signkey for git commits"; + }; + gpgsm = mkOption { + type = types.bool; + default = false; + description = "Whether to use gpgsm for commit signatures"; + }; + signDefault = mkOption { + type = types.bool; + default = false; + description = "Whether to force signing commits or not"; }; }; + }; }; }; }); }; }; - config = - let - cfg = config.elss.users; - inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers; + config = let + cfg = config.elss.users; + inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers; - getMeta = login: - builtins.getAttr login cfg.meta; - mkAdmin = login: - mkMerge [ - (mkUser login) - { - extraGroups = [ "wheel" ]; - inherit (getMeta login) hashedPassword; - } - ]; - mkUser = login: - let meta = getMeta login; - in + getMeta = login: + builtins.getAttr login cfg.meta; + mkAdmin = login: + mkMerge [ + (mkUser login) { - inherit (meta) description; - isNormalUser = true; - home = "/home/${login}"; - extraGroups = [ ]; - openssh.authorizedKeys.keys = meta.publicKeys; - }; + extraGroups = ["wheel"]; + inherit (getMeta login) hashedPassword; + } + ]; + mkUser = login: let + meta = getMeta login; + in { + inherit (meta) description; + isNormalUser = true; + home = "/home/${login}"; + extraGroups = []; + openssh.authorizedKeys.keys = meta.publicKeys; + }; - mkGitUser = login: - 
let meta = getMeta login; - in - { - programs.git = { - userEmail = meta.mailAddress; - userName = meta.description; - extraConfig = { - gpg = lib.mkIf meta.git.gpgsm { - format = "x509"; - program = "${pkgs.gnupg}/bin/gpgsm"; - }; - user = { - signingKey = meta.git.key; - }; - commit = { - gpgsign = meta.git.signDefault; - }; - }; + mkGitUser = login: let + meta = getMeta login; + in { + programs.git = { + userEmail = meta.mailAddress; + userName = meta.description; + extraConfig = { + gpg = lib.mkIf meta.git.gpgsm { + format = "x509"; + program = "${pkgs.gnupg}/bin/gpgsm"; + }; + user = { + signingKey = meta.git.key; + }; + commit = { + gpgsign = meta.git.signDefault; }; }; - - mkX11User = login: - let meta = getMeta login; - in - mkIf (cfg.x11.enable) - { - xsession = { - numlock.enable = true; - profileExtra = '' - if [ $(hostname) = 'stel-xps' ]; then - brightnessctl s 50% - fi - ''; - }; - home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; - - services = { - blueman-applet.enable = true; - network-manager-applet.enable = true; - dunst.enable = true; - }; - }; - - in - mkIf (cfg.enable) - { - assertions = - let - cfg = config.elss.users; - in - [ - { - assertion = mutuallyExclusive cfg.users cfg.admins; - message = "elss.users.users and elss.users.admins are mutually exclusive"; - } - { - assertion = all (hash: hash != "") - (catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta)); - message = "No admin without password"; - } - { - assertion = length (cfg.admins) > 0; - message = "One admin needed at least"; - } - ]; - - users = { - mutableUsers = false; - users = - mkMerge [ - (mapAdmins mkAdmin) - (mapUsers mkUser) - ]; - }; - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - users = - mkMerge [ - (mapAllUsers mkX11User) - (mapAllUsers mkGitUser) - (mapAllUsersAndRoot (login: - mkMerge [ - { config.home.stateVersion = mkDefault "21.11"; } - (if homeConfigurations ? 
"${login}" then homeConfigurations."${login}" else { }) - ])) - ]; - }; - }; + }; + + mkX11User = login: let + meta = getMeta login; + in + mkIf (cfg.x11.enable) + { + xsession = { + numlock.enable = true; + profileExtra = '' + if [ $(hostname) = 'stel-xps' ]; then + brightnessctl s 50% + fi + ''; + }; + home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; + + services = { + blueman-applet.enable = true; + network-manager-applet.enable = true; + dunst.enable = true; + }; + }; + in + mkIf (cfg.enable) + { + assertions = let + cfg = config.elss.users; + in [ + { + assertion = mutuallyExclusive cfg.users cfg.admins; + message = "elss.users.users and elss.users.admins are mutually exclusive"; + } + { + assertion = + all (hash: hash != "") + (catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta)); + message = "No admin without password"; + } + { + assertion = length (cfg.admins) > 0; + message = "One admin needed at least"; + } + ]; + + users = { + mutableUsers = false; + users = mkMerge [ + (mapAdmins mkAdmin) + (mapUsers mkUser) + ]; + }; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users = mkMerge [ + (mapAllUsers mkX11User) + (mapAllUsers mkGitUser) + (mapAllUsersAndRoot (login: + mkMerge [ + {config.home.stateVersion = mkDefault "21.11";} + ( + if homeConfigurations ? "${login}" + then homeConfigurations."${login}" + else {} + ) + ])) + ]; + }; + }; } diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 875baed..94879a9 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { options.elss.wireguard = with lib; { enable = mkEnableOption "wireguard overlay network"; interfaces = mkOption { - default = { }; + default = {}; type = types.attrsOf (types.submodule { options = { servers = mkOption { 
@@ -18,7 +21,7 @@ extraIps = mkOption { type = types.listOf types.str; - default = [ ]; + default = []; description = "extra IPs to add to allowedIPs"; }; @@ -63,7 +66,7 @@ additionalAllowedIps = mkOption { type = types.listOf types.str; description = "Additional IPs to add to allowedIPs "; - default = [ ]; + default = []; }; }; }); @@ -78,14 +81,12 @@ ipv6 = { ula = mkOption { type = types.listOf types.str; - description = - "IPv6 prefixes to use for ULA wireguard addressing"; + description = "IPv6 prefixes to use for ULA wireguard addressing"; }; gua = mkOption { type = types.listOf types.str; - description = - "IPv6 prefixes to use for GUA wireguard addressing"; + description = "IPv6 prefixes to use for GUA wireguard addressing"; }; }; 
@@ -99,119 +100,130 @@ }; }; - config = - let - cfg = config.elss; - hostName = config.system.name; - secretsFile = ../machines - + builtins.toPath "/${hostName}/secrets/wireguard.yaml"; - takeNonEmpty = lib.filter (interface: interface != ""); - testInterface = predicate: - lib.mapAttrsToList - (interface: value: if (predicate interface value) then interface else "") - cfg.wireguard.interfaces; - onlyInterfaces = predicate: takeNonEmpty (testInterface predicate); - peerInterfaces = - onlyInterfaces (interface: value: builtins.hasAttr hostName value.peers); - serverInterfaces = onlyInterfaces - (interface: value: builtins.hasAttr hostName value.servers); - interfaces = serverInterfaces ++ peerInterfaces; + config = let + cfg = config.elss; + hostName = config.system.name; + secretsFile = + ../machines + + builtins.toPath "/${hostName}/secrets/wireguard.yaml"; + takeNonEmpty = lib.filter (interface: interface != ""); + testInterface = predicate: + lib.mapAttrsToList + (interface: value: + if (predicate interface value) + then interface + else "") + cfg.wireguard.interfaces; + onlyInterfaces = predicate: takeNonEmpty (testInterface predicate); + peerInterfaces = + onlyInterfaces (interface: value: builtins.hasAttr hostName value.peers); + serverInterfaces = + onlyInterfaces + (interface: value: builtins.hasAttr hostName value.servers); + interfaces = serverInterfaces ++ peerInterfaces; - mkAddresses = prefixes: localIp: - (map (prefix: "${prefix}.${localIp}/32") prefixes.ipv4) - ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.ula) - ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.gua); + mkAddresses = prefixes: localIp: + (map (prefix: "${prefix}.${localIp}/32") prefixes.ipv4) + ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.ula) + ++ (map (prefix: "${prefix}::${localIp}/128") prefixes.ipv6.gua); - mkServerAddresses = prefixes: serverIp: - (map (prefix: "${prefix}.${serverIp}") prefixes.ipv4) - ++ (map (prefix: 
"${prefix}::${serverIp}") prefixes.ipv6.ula) - ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.gua); + mkServerAddresses = prefixes: serverIp: + (map (prefix: "${prefix}.${serverIp}") prefixes.ipv4) + ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.ula) + ++ (map (prefix: "${prefix}::${serverIp}") prefixes.ipv6.gua); - mkInterfaceName = interface: "wg-${interface}"; + mkInterfaceName = interface: "wg-${interface}"; - mkServerPeer = prefixes: peer: { - allowedIPs = mkAddresses prefixes peer.localIp; - inherit (peer) publicKey; - }; + mkServerPeer = prefixes: peer: { + allowedIPs = mkAddresses prefixes peer.localIp; + inherit (peer) publicKey; + }; - mkPeerPeer = prefixes: peers: peer: { - allowedIPs = (mkAddresses prefixes peer.localIp) - ++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) ++ (if lib.hasAttr hostName peers then peers.${hostName}.additionalAllowedIps else [ ]); - persistentKeepalive = 25; - inherit (peer) publicKey endpoint; - }; + mkPeerPeer = prefixes: peers: peer: { + allowedIPs = + (mkAddresses prefixes peer.localIp) + ++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) + ++ ( + if lib.hasAttr hostName peers + then peers.${hostName}.additionalAllowedIps + else [] + ); + persistentKeepalive = 25; + inherit (peer) publicKey endpoint; + }; - mkPostSetup = name: prefixes: servers: - let - ifName = mkInterfaceName name; - serverIps = name: server: mkServerAddresses prefixes server.localIp; - dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers); - in - - lib.concatStrings ([ + mkPostSetup = name: prefixes: servers: let + ifName = mkInterfaceName name; + serverIps = name: server: mkServerAddresses prefixes server.localIp; + dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers); + in + lib.concatStrings ([ '' ${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone} ${pkgs.systemd}/bin/resolvectl default-route ${ifName} true '' - ] ++ (map + ] + ++ (map (ip: '' 
${pkgs.systemd}/bin/resolvectl dns ${ifName} ${ip} '') dnsServers)); - mkInterfaceConfig = hostName: interface: value: - let - isServer = builtins.hasAttr hostName value.servers; - isPeer = builtins.hasAttr hostName value.peers; - myConfig = - if isServer then - value.servers."${hostName}" - else - value.peers."${hostName}"; - in - assert lib.asserts.assertMsg - ((isServer || isPeer) && !(isServer && isPeer)) - "host must be either server or peer"; - lib.nameValuePair (mkInterfaceName interface) ({ - privateKeyFile = config.sops.secrets."wireguard-${interface}".path; - ips = mkAddresses value.prefixes myConfig.localIp; - inherit (myConfig) listenPort; - } // (if isServer then { - peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; - } else if isPeer then { - peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers; - postSetup = mkPostSetup interface value.prefixes value.servers; - } else - { })); - - mkInterfaceSecret = interface: { - "wireguard-${interface}" = { sopsFile = secretsFile; }; - }; - - mkListenPorts = hostName: interface: value: - if builtins.hasAttr hostName value.servers then - value.servers."${hostName}".listenPort - else if builtins.hasAttr hostName value.peers then - value.peers."${hostName}".listenPort - else - -1; - - mkSysctl = hostName: interface: [ - { - name = "net.ipv4.conf.${mkInterfaceName interface}.forwarding"; - value = "1"; - } - { - name = "net.ipv6.conf.${mkInterfaceName interface}.forwarding"; - value = "1"; - } - { - name = "net.ipv6.conf.all.forwarding"; - value = "1"; - } - ]; - + mkInterfaceConfig = hostName: interface: value: let + isServer = builtins.hasAttr hostName value.servers; + isPeer = builtins.hasAttr hostName value.peers; + myConfig = + if isServer + then value.servers."${hostName}" + else value.peers."${hostName}"; in + assert lib.asserts.assertMsg + ((isServer || isPeer) && !(isServer && isPeer)) + "host must be either server or peer"; + lib.nameValuePair 
(mkInterfaceName interface) ({ + privateKeyFile = config.sops.secrets."wireguard-${interface}".path; + ips = mkAddresses value.prefixes myConfig.localIp; + inherit (myConfig) listenPort; + } + // ( + if isServer + then { + peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; + } + else if isPeer + then { + peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers; + postSetup = mkPostSetup interface value.prefixes value.servers; + } + else {} + )); + + mkInterfaceSecret = interface: { + "wireguard-${interface}" = {sopsFile = secretsFile;}; + }; + + mkListenPorts = hostName: interface: value: + if builtins.hasAttr hostName value.servers + then value.servers."${hostName}".listenPort + else if builtins.hasAttr hostName value.peers + then value.peers."${hostName}".listenPort + else -1; + + mkSysctl = hostName: interface: [ + { + name = "net.ipv4.conf.${mkInterfaceName interface}.forwarding"; + value = "1"; + } + { + name = "net.ipv6.conf.${mkInterfaceName interface}.forwarding"; + value = "1"; + } + { + name = "net.ipv6.conf.all.forwarding"; + value = "1"; + } + ]; + in lib.mkIf cfg.wireguard.enable { networking = { wireguard.interfaces = @@ -221,15 +233,15 @@ # (lib.mapAttrsToList (mkListenPorts hostName) cfg.wireguard.interfaces); allowedUDPPorts = lib.filter (port: port > 0) (map (interface: - lib.attrByPath [ interface "servers" hostName "listenPort" ] (-1) - cfg.wireguard.interfaces) + lib.attrByPath [interface "servers" hostName "listenPort"] (-1) + cfg.wireguard.interfaces) serverInterfaces); trustedInterfaces = map mkInterfaceName interfaces; }; interfaces = lib.listToAttrs (map (interface: { name = mkInterfaceName interface; - value = { mtu = 1300; }; + value = {mtu = 1300;}; }) interfaces); }; 
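Review bot: `mkSysctl` sets `net.ipv6.conf.all.forwarding` for every host that is a server on some interface, while the IPv4 switch is limited to the `wg-*` interface. Combined with `trustedInterfaces = map mkInterfaceName interfaces` in the following hunk, overlay peers are accepted unconditionally by the host firewall and IPv6 can be routed between all of the host's interfaces. If that is intended, say so at `mkSysctl`, e.g. `# enables IPv6 routing on all interfaces, not just wg-*; forward filtering is left to the firewall`. Otherwise prefer explicit per-port firewall rules over trusting the whole interface. `mkListenPorts` appears to be referenced only from the commented-out line in the following hunk and could be dropped.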
@@ -239,11 +251,10 @@ systemd.services = lib.listToAttrs (map (interface: { name = "wireguard-${mkInterfaceName interface}"; - value = { serviceConfig.Restart = "on-failure"; }; + value = {serviceConfig.Restart = "on-failure";}; }) interfaces); - boot.kernel.sysctl = builtins.listToAttrs (lib.concatMap (mkSysctl hostName) serverInterfaces); diff --git a/modules/zsh.nix b/modules/zsh.nix index 97fcc31..d501fd8 100644 --- a/modules/zsh.nix +++ b/modules/zsh.nix @@ -1,15 +1,19 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.elss.zsh.enable = mkEnableOption "Setup systemwide zsh"; - config = - let - inherit (elss.withConfig config) mapAllUsers; - cfg = config.elss.zsh; - in + config = let + inherit (elss.withConfig config) mapAllUsers; + cfg = config.elss.zsh; + in mkIf cfg.enable { environment = { - shells = [ pkgs.zsh ]; - pathsToLink = [ "/share/zsh/" ]; + shells = [pkgs.zsh]; + pathsToLink = ["/share/zsh/"]; sessionVariables = rec { XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; @@ -29,10 +33,10 @@ with lib; { autosuggestions.enable = true; syntaxHighlighting = { enable = true; - highlighters = [ "main" "brackets" "root" "line" ]; + highlighters = ["main" "brackets" "root" "line"]; #styles = { cursor = "standout,underline"; }; }; - setOptions = [ "auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ]; + setOptions = ["auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory"]; shellInit = '' if [[ $TERM == "dumb" ]]; then @@ -58,8 +62,8 @@ with lib; { }; }; - users.users = mapAllUsers (_: { shell = pkgs.zsh; } - + users.users = mapAllUsers ( + _: {shell = pkgs.zsh;} ); }; } diff --git a/secrets/shell.nix b/secrets/shell.nix index 3922b5b..937e073 100644 --- a/secrets/shell.nix +++ b/secrets/shell.nix 
@@ -1,20 +1,19 @@ -{ pkgs ? import { } -, sops-nix ? pkgs.callPackage { } -, ... -}: - -let +{ + pkgs ? import {}, + sops-nix ? pkgs.callPackage {}, + ... +}: let sops-rekey = pkgs.writeShellScriptBin "sops-rekey" '' ${pkgs.findutils}/bin/find . -wholename '*/secrets/*.yaml' -exec ${pkgs.sops}/bin/sops updatekeys {} \; ''; in -pkgs.mkShell { - sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ]; + pkgs.mkShell { + sopsPGPKeyDirs = [./keys/users ./keys/hosts]; - nativeBuildInputs = [ - sops-nix.sops-import-keys-hook - sops-nix.ssh-to-pgp - sops-rekey - pkgs.wireguard-tools - ]; -} + nativeBuildInputs = [ + sops-nix.sops-import-keys-hook + sops-nix.ssh-to-pgp + sops-rekey + pkgs.wireguard-tools + ]; + } diff --git a/templates/basic_tools/.envrc b/templates/base/.envrc similarity index 100% rename from templates/basic_tools/.envrc rename to templates/base/.envrc diff --git a/templates/basic_tools/flake.nix b/templates/base/flake.nix similarity index 55% rename from templates/basic_tools/flake.nix rename to templates/base/flake.nix index 5e64afb..f08136b 100644 --- a/templates/basic_tools/flake.nix +++ b/templates/base/flake.nix @@ -8,24 +8,30 @@ flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; }; - outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus, ... }@inputs: - { } // (flake-utils.lib.eachDefaultSystem (system: - let + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + flake-utils, + flake-utils-plus, + ... + } @ inputs: + {} + // (flake-utils.lib.eachDefaultSystem ( + system: let unstable = import nixpkgs-unstable { inherit system; }; pkgs = import nixpkgs { inherit system; }; - in - rec { - devShell = - pkgs.mkShell { - buildInputs = [ - # add packages here, like - # pkgs.clingo - ]; - }; - } + in rec { + devShell = pkgs.mkShell { + buildInputs = [ + # add packages here, like + # pkgs.clingo + ]; + }; + } )); } diff --git a/templates/jupyter/flake.nix b/templates/jupyter/flake.nix index 8234ce1..9d6ad5f 100644 
--- a/templates/jupyter/flake.nix +++ b/templates/jupyter/flake.nix @@ -2,36 +2,41 @@ description = "JupyterLab Flake"; inputs = { - jupyterWith.url = "github:tweag/jupyterWith"; - flake-utils.url = "github:numtide/flake-utils"; + jupyterWith.url = "github:tweag/jupyterWith"; + flake-utils.url = "github:numtide/flake-utils"; }; - outputs = { self, nixpkgs, jupyterWith, flake-utils }: - flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" ] (system: - let + outputs = { + self, + nixpkgs, + jupyterWith, + flake-utils, + }: + flake-utils.lib.eachSystem ["x86_64-linux" "x86_64-darwin"] ( + system: let pkgs = import nixpkgs { system = system; overlays = nixpkgs.lib.attrValues jupyterWith.overlays; }; prince = pkgs.python3Packages.buildPythonPackage rec { name = "prince"; - src = pkgs.fetchFromGitHub{ + src = pkgs.fetchFromGitHub { owner = "MaxHalford"; repo = "prince"; rev = "bd5b29fafe853579c9d41e954caa4504d585665d"; sha256 = "X7gpHvy2cfIKMrfSGLZxmJsytLbe/VZd27VsYIyEoTI="; }; - propagatedBuildInputs = with pkgs.python3Packages; [ matplotlib pandas numpy scipy scikit-learn ]; + propagatedBuildInputs = with pkgs.python3Packages; [matplotlib pandas numpy scipy scikit-learn]; dontCheck = true; dontUseSetuptoolsCheck = true; }; iPython = pkgs.kernels.iPythonWith { name = "Python-env"; - packages = p: with p; [ sympy numpy pandas prince ]; + packages = p: with p; [sympy numpy pandas prince]; ignoreCollisions = true; }; jupyterEnvironment = pkgs.jupyterlabWith { - kernels = [ iPython ]; + kernels = [iPython]; }; in rec { apps.jupterlab = { diff --git a/templates/rust/flake.nix b/templates/rust/flake.nix index 08193db..b696d59 100644 --- a/templates/rust/flake.nix +++ b/templates/rust/flake.nix 
@@ -18,36 +18,42 @@ }; }; - outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc, rust-overlay, ... }@inputs: + outputs = { + self, + nixpkgs, + nixpkgs-unstable, + flake-utils, + gitignoresrc, + rust-overlay, + ... + } @ inputs: { #overlay = import ./nix { inherit gitignoresrc; }; - } // (flake-utils.lib.eachDefaultSystem (system: - let - unstable = import nixpkgs-unstable { inherit system; }; + } + // (flake-utils.lib.eachDefaultSystem ( + system: let + unstable = import nixpkgs-unstable {inherit system;}; pkgs = import nixpkgs { inherit system; - overlays = [ (import rust-overlay)]; + overlays = [(import rust-overlay)]; + }; + in rec { + devShell = pkgs.mkShell { + RUST_LOG = "debug"; + RUST_BACKTRACE = 1; + buildInputs = [ + pkgs.rust-bin.stable.latest.rustfmt + pkgs.rust-bin.stable.latest.default + pkgs.rust-analyzer + pkgs.cargo-audit + pkgs.cargo-license + pkgs.cargo-tarpaulin + pkgs.cargo-kcov + pkgs.valgrind + pkgs.gnuplot + pkgs.kcov + ]; }; - in - rec { - devShell = - pkgs.mkShell { - RUST_LOG = "debug"; - RUST_BACKTRACE = 1; - buildInputs = [ - pkgs.rust-bin.stable.latest.rustfmt - pkgs.rust-bin.stable.latest.default - pkgs.rust-analyzer - pkgs.cargo-audit - pkgs.cargo-license - pkgs.cargo-tarpaulin - pkgs.cargo-kcov - pkgs.valgrind - pkgs.gnuplot - pkgs.kcov - ]; - }; } )); } - diff --git a/users/ellmau/alacritty.nix b/users/ellmau/alacritty.nix new file mode 100644 index 0000000..9dc14d8 --- /dev/null +++ b/users/ellmau/alacritty.nix 
@@ -0,0 +1,53 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ programs.alacritty = {
+ enable = true;
+ settings = {
+ window = {
+ decorations = "none";
+ };
+ alt_send_esc = true;
+ font = {
+ normal.family = "Hasklug Nerd Font";
+ size = 14;
+ };
+ # colors = {
+ # primary = {
+ # background = "#282828"; # base3
+ # foreground = "#dfbf8e"; # base00
+ # };
+
+ # cursor = {
+ # text = "CellBackground";
+ # cursor = "CellForeground";
+ # };
+
+ # normal = {
+ # black = "#665c54"; # base02
+ # red = "#ea6962"; # red
+ # green = "#a9b665"; # green
+ # yellow = "#e78a4e"; # yellow
+ # blue = "#7daea3"; # blue
+ # magenta = "#d3869b"; # magenta
+ # cyan = "#89b482"; # cyan
+ # white = "#dfbf8e"; # base2
+ # };
+
+ # bright = {
+ # black = "#928374"; # base03
+ # red = "#ea6962"; # orange
+ # green = "#a6b665"; # base01
+ # yellow = "#e3a84e"; # base00
+ # blue = "#7daea3"; # base0
+ # magenta = "#d3869b"; # violet
+ # cyan = "#89b482"; # base1
+ # white = "#dfbf8e"; # base3
+ # };
+ # };
+ };
+ };
+}
diff --git a/users/ellmau/autorandr.nix b/users/ellmau/autorandr.nix
index 0a7a80c..cdda657 100644
--- a/users/ellmau/autorandr.nix
+++ b/users/ellmau/autorandr.nix
@@ -1,120 +1,131 @@ -{ config, pkgs, lib, ...}: { - programs.autorandr = { - enable = true; - profiles = { - "home" = { - fingerprint = { - DP-1 = "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"; - eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - }; - config = { - eDP-1.enable = false; - DP-1 = { - enable = true; - crtc = 1; - primary = true; - position = "0x0"; - mode = "3840x2160"; - dpi = 96; + config, + pkgs, + lib, + nixosConfig, + ... +}: +with lib; { + config = let + cfg = nixosConfig.elss.graphical.i3; + in + mkIf cfg.enable { + programs.autorandr = { + enable = true; + profiles = { + "home" = { + fingerprint = { + DP-1 = "00ffffffffffff0009d1507945540000221e0104b54627783f5995af4f42af260f5054a56b80d1c0b300a9c08180810081c0010101014dd000a0f0703e8030203500ba892100001a000000ff004e384c30323634373031390a20000000fd00283c87873c010a202020202020000000fc0042656e5120455733323730550a01bc02033af1515d5e5f6061101f222120051404131203012309070783010000e200c06d030c0020003878200060010203e305e001e6060501544c2ca36600a0f0701f8030203500ba892100001a565e00a0a0a029502f203500ba892100001abf650050a0402e6008200808ba892100001c000000000000000000000000000000bf"; + eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + }; + config = { + eDP-1.enable = false; + DP-1 = { + enable = true; + crtc = 1; + primary = true; + position = "0x0"; + mode = "3840x2160"; + dpi = 96; + }; + }; }; - }; - }; - "mobile" = { - fingerprint.eDP-1 = 
"00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - config = { - eDP-1 = { - enable = true; - primary = true; - mode = "3840x2160"; - dpi = 192; + "mobile" = { + fingerprint.eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + config = { + eDP-1 = { + enable = true; + primary = true; + mode = "3840x2160"; + dpi = 192; + }; + }; }; - }; - }; - "work" = { - fingerprint = { - eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-2 = "00ffffffffffff0010acb5414c4133452c1e0104b53c22783eee95a3544c99260f5054a54b00e1c0d100d1c0b300a94081808100714f4dd000a0f0703e803020350055502100001a000000ff0031444e593132330a2020202020000000fd00184b1e8c36010a202020202020000000fc0044454c4c205532373230510a2001af020319f14c101f2005140413121103020123097f0783010000a36600a0f0703e803020350055502100001a565e00a0a0a029503020350055502100001a114400a0800025503020360055502100001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d9"; - }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "3840x0"; - mode = "3840x2160"; - #dpi = 288; - dpi = 96; + "work" = { + fingerprint = { + eDP-1 = 
"00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-2 = "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"; + }; + config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "3840x0"; + mode = "3840x2160"; + #dpi = 288; + dpi = 96; + }; + DP-2 = { + enable = true; + primary = true; + mode = "3840x2160"; + #dpi = 144; + dpi = 96; + position = "0x0"; + }; + }; }; - DP-2 = { - enable = true; - primary = true; - mode = "3840x2160"; - #dpi = 144; - dpi = 96; - position = "0x0"; + "home-nuc" = { + fingerprint = { + DP-2 = "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"; + }; + config = { + DP-2 = { + enable = true; + crtc = 1; + primary = true; + position = "0x0"; + mode = "3840x2160"; + dpi = 96; + }; + }; }; - }; - }; - "home-nuc" = { - fingerprint = { - DP-2 = "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"; - }; - config = { - DP-2 = { - enable = true; - crtc = 1; - primary = true; - position = "0x0"; - mode = "3840x2160"; - dpi = 96; - }; - }; - }; - "e3027" = { - fingerprint = { - e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-1 = 
"00ffffffffffff004ca306a7010101011715010380a05a780ade50a3544c99260f5054a10800814081c0950081809040b300a9400101283c80a070b023403020360040846300001a9e20009051201f304880360040846300001c000000fd0017550f5c11000a202020202020000000fc004550534f4e20504a0a202020200116020328f651901f202205140413030212110706161501230907078301000066030c00100080e200fd023a801871382d40582c450040846300001e011d801871382d40582c450040846300001e662156aa51001e30468f330040846300001e302a40c8608464301850130040846300001e00000000000000000000000000000089"; - }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "0x0"; - mode = "3840x2160"; + "e3027" = { + fingerprint = { + e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-1 = "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"; + }; + config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "0x0"; + mode = "3840x2160"; + }; + DP-1 = { + enable = true; + crtc = 1; + position = "3840x0"; + mode = "1920x1200"; + }; + }; }; - DP-1 = { - enable = true; - crtc = 1; - position = "3840x0"; - mode = "1920x1200"; - }; - }; - }; - "e3027-clone" = { - fingerprint = { - e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-1 = "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"; + "e3027-clone" = { + fingerprint = { + e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-1 = 
"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"; + }; + config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "0x0"; + mode = "1920x1200"; + }; + DP-1 = { + enable = true; + crtc = 1; + position = "0x0"; + mode = "1920x1200"; + }; + }; + }; }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "0x0"; - mode = "1920x1200"; - }; - DP-1 = { - enable = true; - crtc = 1; - position = "0x0"; - mode = "1920x1200"; - }; + hooks.postswitch = { + "polybar" = "systemctl --user restart polybar.service"; }; }; }; - hooks.postswitch = { - "polybar" = "systemctl --user restart polybar.service"; - }; - }; } diff --git a/users/ellmau/conf/waybar/style.css b/users/ellmau/conf/waybar/style.css new file mode 100644 index 0000000..d46b9b8 --- /dev/null +++ b/users/ellmau/conf/waybar/style.css 
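Review bot: In the `e3027` and `e3027-clone` profiles the fingerprint is keyed `e-DP1`, while the `config` block of the same profiles (and every other profile in the file) names the internal panel `eDP-1`. The key was carried over unchanged from the old side, so the laptop EDID in these two profiles is attached to an output name that presumably never exists, and autorandr is then unlikely to select either profile. I would rename the key in both places to `eDP-1 = "<EDID as before>";`.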
@@ -0,0 +1,313 @@ +/* ----------------------------------------------------------------------------- + * Keyframes + * -------------------------------------------------------------------------- */ + +@keyframes blink-warning { + 70% { + color: @light; + } + + to { + color: @light; + background-color: @warning; + } +} + +@keyframes blink-critical { + 70% { + color: @light; + } + + to { + color: @light; + background-color: @critical; + } +} + +@define-color critical #cc241d; +@define-color warning #fabd2f; + +* { + /* `otf-font-awesome` is required to be installed for icons */ + font-family: Hasklug Nerd Font, FontAwesome, Roboto, Helvetica, Arial, sans-serif; + font-size: 13px; + border: none; + border-radius: 0; +} + +window#waybar { + background-color: rgba(43, 48, 59, 0.5); + border-bottom: 3px solid rgba(100, 114, 125, 0.5); + color: #ffffff; + transition-property: background-color; + transition-duration: .5s; +} + +/* +window#waybar.hidden { + opacity: 0.2; +}*/ + +/* +window#waybar.empty { + background-color: transparent; +} +window#waybar.solo { + background-color: #FFFFFF; +} +*/ + + +/* Each module that should blink */ +#mode, +#battery { + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; +} + + +/* Each critical that should blink */ +#mode, +#battery.critical.discharging { + animation-name: blink-critical; + animation-duration: 2s; +} + +/* Each warning */ +#network.disconnected, +#battery.warning { + background-color: @warning; + color: #000000; +} + +window#waybar.termite { + background-color: #3F3F3F; +} + +window#waybar.chromium { + background-color: #000000; + border: none; +} + +#network.wifi { + background-color: #C9CBFF; + color: #000000; +} + +#workspaces button { + padding: 0 5px; + background-color: transparent; + color: #ffffff; + /* Use box-shadow instead of border so the text isn't offset */ + box-shadow: inset 0 -3px transparent; + /* Avoid rounded borders under each workspace name */ 
+ border: none; + border-radius: 5; +} + +/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */ +#workspaces button:hover { + background: rgba(0, 0, 0, 0.2); + box-shadow: inset 0 -2px #ecf0f1; +} + +#workspaces button.focused { + background-color: #64727D; + box-shadow: inset 0 -2px #ecf0f1; +} + +#workspaces button.urgent { + background-color: #eb4d4b; +} + +#mode { + background-color: #64727D; + border-bottom: 2px solid #ecf0f1; +} + +#clock, +#battery, +#cpu, +#memory, +#disk, +#temperature, +#backlight, +#network, +#pulseaudio, +#custom-media, +#tray, +#mode, +#idle_inhibitor, +#mpd { + margin-left: 2px; + margin-right: 2px; + padding: 0 10px; + color: #ffffff; +} + +#window, +#workspaces { + margin: 0 4px; +} + +/* If workspaces is the leftmost module, omit left margin */ +.modules-left > widget:first-child > #workspaces { + margin-left: 0; +} + +/* If workspaces is the rightmost module, omit right margin */ +.modules-right > widget:last-child > #workspaces { + margin-right: 0; +} + +#clock { + background-color: #64727D; +} + +#battery { + background-color: #ffffff; + color: #000000; +} + +#battery.charging, #battery.plugged { + color: #ffffff; + background-color: #26A65B; +} + +@keyframes blink { + to { + background-color: #ffffff; + color: #000000; + } +} + +#battery.critical:not(.charging) { + background-color: #f53c3c; + color: #ffffff; + animation-name: blink; + animation-duration: 0.5s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; +} + +label:focus { + background-color: #000000; +} + +#cpu { + background-color: #2ecc71; + color: #000000; +} + +#memory { + background-color: #9b59b6; +} + +#disk { + background-color: #964B00; +} + +#backlight { + background-color: #90b1b1; +} + +#network { + background-color: #2980b9; +} + +#pulseaudio { + background-color: #f1c40f; + color: #000000; +} + +#pulseaudio.muted { + background-color: #90b1b1; + color: 
#2a5c45; +} + +#custom-media { + background-color: #66cc99; + color: #2a5c45; + min-width: 100px; +} + +#custom-media.custom-spotify { + background-color: #66cc99; +} + +#custom-media.custom-vlc { + background-color: #ffa000; +} + +#temperature { + background-color: #f0932b; +} + +#temperature.critical { + background-color: #eb4d4b; +} + +#tray { + background-color: #2980b9; +} + +#tray > .passive { + -gtk-icon-effect: dim; +} + +#tray > .needs-attention { + -gtk-icon-effect: highlight; + background-color: #eb4d4b; +} + +#idle_inhibitor { + background-color: #2d3436; +} + +#idle_inhibitor.activated { + background-color: #ecf0f1; + color: #2d3436; +} + +#mpd { + background-color: #66cc99; + color: #2a5c45; +} + +#mpd.disconnected { + background-color: #f53c3c; +} + +#mpd.stopped { + background-color: #90b1b1; +} + +#mpd.paused { + background-color: #51a37a; +} + +#language { + background: #00b093; + color: #740864; + padding: 0 5px; + margin: 0 5px; + min-width: 16px; +} + +#keyboard-state { + background: #97e1ad; + color: #000000; + padding: 0 0px; + margin: 0 5px; + min-width: 16px; +} + +#keyboard-state > label { + padding: 0 5px; +} + +#keyboard-state > label.locked { + background: rgba(0, 0, 0, 0.2); +} diff --git a/users/ellmau/default.nix b/users/ellmau/default.nix index 5ece8b8..7f9bf2d 100644 --- a/users/ellmau/default.nix +++ b/users/ellmau/default.nix @@ -1,14 +1,24 @@ -{ config, lib, pkgs, ... }: { + config, + lib, + pkgs, + ... +}: { imports = [ + ./alacritty.nix ./autorandr.nix ./dunst.nix ./git.nix ./gpg.nix ./i3.nix + ./kanshi.nix + ./mako.nix ./nextcloud.nix ./polybar.nix ./zsh.nix + + ./sway.nix + ./waybar.nix ]; services = { gnome-keyring = { @@ -35,19 +45,10 @@ home.packages = with pkgs; [ # comma did not compile on 15.07.2022 comma + kanshi ]; programs = { - alacritty = { - enable = true; - settings = { - window = { - decorations = "full"; - }; - alt_send_esc = true; - }; - }; - direnv = { enable = true; nix-direnv.enable = true; 
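Review bot: `@keyframes blink-warning` and `@keyframes blink-critical` both use the named colour `@light`, but the stylesheet only declares `critical` and `warning` with `@define-color`, so `@light` is unresolved unless the GTK theme happens to provide it. I would declare it next to the other two, e.g. `@define-color light #ffffff;` (value to be chosen; `#ffffff` is what the file already uses for text), or replace `@light` with a literal. Two smaller points in the same file: `blink-warning` is never referenced by any `animation-name`, and `border-radius: 5;` under `#workspaces button` has no unit, unlike the other lengths here.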
diff --git a/users/ellmau/dunst.nix b/users/ellmau/dunst.nix index 259b867..d12f103 100644 --- a/users/ellmau/dunst.nix +++ b/users/ellmau/dunst.nix @@ -1,37 +1,48 @@ -{ config, pkgs, ...}: { - services.dunst = { - iconTheme = { - package = pkgs.numix-icon-theme; - name = "Numix"; - size = "26"; - }; - settings = { - global = { - geometry = "800x5-30+50"; - transparency = 10; - frame_color = "#839496"; - font = "Hasklug Nerd Font 10"; - timeout = 5; - follow = "mouse"; - markup = "full"; - icon_position = "left"; - history_length = 32; - dmenu = "${pkgs.rofi}/bin/rofi -dmenu"; - word_wrap = true; - }; - urgency_critical = { - foreground = "#fdf6e3"; - background = "#dc322f"; - }; - urgency_normal = { - foreground = "#fdf6e3"; - background = "#859900"; - }; - urgency_low = { - foreground = "#fdf6e3"; - background = "#2aa198"; + config, + pkgs, + lib, + nixosConfig, + ... +}: +with lib; { + config = let + cfg = nixosConfig.elss.graphical.i3; + in + mkIf cfg.enable { + services.dunst = { + iconTheme = { + package = pkgs.numix-icon-theme; + name = "Numix"; + size = "26"; + }; + settings = { + global = { + geometry = "800x5-30+50"; + transparency = 10; + frame_color = "#839496"; + font = "Hasklug Nerd Font 10"; + timeout = 5; + follow = "mouse"; + markup = "full"; + icon_position = "left"; + history_length = 32; + dmenu = "${pkgs.rofi}/bin/rofi -dmenu"; + word_wrap = true; + }; + urgency_critical = { + foreground = "#fdf6e3"; + background = "#dc322f"; + }; + urgency_normal = { + foreground = "#fdf6e3"; + background = "#859900"; + }; + urgency_low = { + foreground = "#fdf6e3"; + background = "#2aa198"; + }; + }; }; }; - }; } diff --git a/users/ellmau/git.nix b/users/ellmau/git.nix index 91b0ab0..e97833e 100644 --- a/users/ellmau/git.nix +++ b/users/ellmau/git.nix 
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ...}: { - programs= { + config, + pkgs, + lib, + ... +}: { + programs = { git = { enable = true; package = pkgs.gitAndTools.gitFull; extraConfig = { - core = { editor = "emacsclient"; }; - init = { defaultBranch = "main";}; - branch = { autosetuprebase = "always";}; - safe.directory = [ "/etc/nixos" ]; + core = {editor = "emacsclient";}; + init = {defaultBranch = "main";}; + branch = {autosetuprebase = "always";}; + safe.directory = ["/etc/nixos"]; }; lfs.enable = true; }; diff --git a/users/ellmau/gpg.nix b/users/ellmau/gpg.nix index 81c6c8e..e085598 100644 --- a/users/ellmau/gpg.nix +++ b/users/ellmau/gpg.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ...}: { + config, + pkgs, + lib, + ... +}: { home.file = { ".gnupg/gpgsm.conf".text = '' keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE @@ -10,7 +14,5 @@ ".gnupg/chain.txt".source = ./conf/gpgsm/chain.txt; }; - - programs.gpg.enable = true; } diff --git a/users/ellmau/i3.nix b/users/ellmau/i3.nix index db3a25c..f653b65 100644 --- a/users/ellmau/i3.nix +++ b/users/ellmau/i3.nix @@ -1,9 +1,20 @@ -{ config, pkgs, lib, ...}: { - xdg = { - configFile."i3" = { - source = conf/i3; - recursive = true; + config, + pkgs, + lib, + nixosConfig, + ... +}: +with lib; { + config = let + cfg = nixosConfig.elss.graphical; + in + mkIf cfg.enable { + xdg = { + configFile."i3" = { + source = conf/i3; + recursive = true; + }; + }; }; - }; } diff --git a/users/ellmau/kanshi.nix b/users/ellmau/kanshi.nix new file mode 100644 index 0000000..e6319d6 --- /dev/null +++ b/users/ellmau/kanshi.nix 
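Review bot: The guard added in `users/ellmau/i3.nix` reads `cfg = nixosConfig.elss.graphical;`, whereas the other i3-specific modules touched by this commit (`autorandr.nix`, `dunst.nix`, `polybar.nix`) gate on `nixosConfig.elss.graphical.i3`. As written the i3 configuration directory is linked whenever the graphical profile is on, which would include a sway-only host, assuming `elss.graphical.i3.enable` exists as the other files suggest (the option definitions are not part of this diff). If that is not intended, use `cfg = nixosConfig.elss.graphical.i3;`.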
@@ -0,0 +1,38 @@
+{
+ config,
+ pkgs,
+ lib,
+ nixosConfig,
+ ...
+}:
+with lib; {
+ config = let
+ cfg = nixosConfig.elss.graphical.sway;
+ in
+ mkIf cfg.enable {
+ services.kanshi = {
+ enable = true;
+ profiles = {
+ work = {
+ outputs = [
+ {
+ criteria = "Dell Inc. DELL U2720Q 1DNY123";
+ position = "1920,0";
+ }
+ {
+ criteria = "eDP-1";
+ position = "5760,0";
+ }
+ ];
+ };
+ unplugged = {
+ outputs = [
+ {
+ criteria = "eDP-1";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/users/ellmau/mako.nix b/users/ellmau/mako.nix
new file mode 100644
index 0000000..d4024aa
--- /dev/null
+++ b/users/ellmau/mako.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ pkgs,
+ lib,
+ nixosConfig,
+ ...
+}:
+with lib; {
+ config = let
+ cfg = nixosConfig.elss.graphical.sway;
+ in
+ mkIf cfg.enable {
+ programs.mako = {
+ enable = true;
+ iconPath = "${pkgs.numix-icon-theme}";
+ font = "Hasklug Nerd Font 10";
+ defaultTimeout = 8000;
+ # ignoreTimeout = true;
+ };
+
+ home.packages = [pkgs.numix-icon-theme];
+ };
+}
diff --git a/users/ellmau/nextcloud.nix b/users/ellmau/nextcloud.nix
index 82a7de2..6663ae0 100644
--- a/users/ellmau/nextcloud.nix
+++ b/users/ellmau/nextcloud.nix
@@ -1,7 +1,18 @@
-{ pkgs, ... }:
 {
- services.nextcloud-client = {
- enable = true;
- startInBackground = true;
- };
+ config,
+ pkgs,
+ lib,
+ nixosConfig,
+ ...
+}:
+with lib; {
+ config = let
+ cfg = nixosConfig.elss.graphical;
+ in
+ mkIf cfg.enable {
+ services.nextcloud-client = {
+ enable = true;
+ startInBackground = true;
+ };
+ };
 }
diff --git a/users/ellmau/polybar.nix b/users/ellmau/polybar.nix
index 85fa96b..65f801f 100644
--- a/users/ellmau/polybar.nix
+++ b/users/ellmau/polybar.nix
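Review bot: `iconPath = "${pkgs.numix-icon-theme}";` in `users/ellmau/mako.nix` points at the root of the store path, whereas mako treats its icon path as a list of icon theme directories to search. The theme itself presumably sits under `share/icons/` inside that package, so icons that a notification references by name are unlikely to resolve. Something like `iconPath = "${pkgs.numix-icon-theme}/share/icons/Numix";` should work; please confirm the directory name against the built package.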
@@ -1,12 +1,20 @@ -{ config, pkgs, ...}: { - services.polybar = { - enable = true; - package = pkgs.polybarFull; - settings = - let + config, + pkgs, + lib, + nixosConfig, + ... +}: +with lib; { + config = let + cfg = nixosConfig.elss.graphical.i3; + in + mkIf cfg.enable { + services.polybar = { + enable = true; + package = pkgs.polybarFull; + settings = let # solarized theme colours ~ https://en.wikipedia.org/wiki/Solarized - #content tones Base01 = "#586e75"; Base00 = "#657b83"; @@ -37,11 +45,11 @@ alert_col = "#dc322f"; dpi = '' - ''${env:DPI:0} + ''${env:DPI:0} ''; #polyheight = 60; - + fonts = [ "Hasklig:style=Regular" "all-the-icons:style=Regular" 
@@ -52,304 +60,303 @@ "Weather Icons:size=12;0" "Hasklug Nerd Font,Hasklig Medium:style=Medium,Regular" ]; - in - { - "bar/main" = { - font = fonts; - modules = { - left = "i3 xwindow"; - center = ""; - right = " xbacklight xkeyboard eth wlan battery date powermenu dunst volume "; - }; - - background = background_col; - foreground = foreground_col; - - monitor = '' - ''${env:MONITOR:} - ''; - width = "100%"; - #height = polyheight; - padding = 0; - padding-right = 2; - radius = 14; - module-margin = 1; - line-size = 2; - - dpi-x = dpi; - dpi-y = dpi; - - tray = { - position = "right"; - padding = 2; - background = Base2; - }; - }; - "bar/aux" = { - font = fonts; - modules = { - left = "i3"; - center = ""; - right = " xbacklight xkeyboard eth wlan battery date powermenu volume "; - }; - - background = background_col; - foreground = foreground_col; - - monitor = '' - ''${env:MONITOR:} - ''; - width = "100%"; - #height = polyheight; - radius = 14; - module-margin = 1; - line-size = 2; - - dpi-x = dpi; - dpi-y = dpi; - }; - - "module/volume" = { - type = "internal/pulseaudio"; - format.volume = " "; - label.muted.text = "🔇"; - label.muted.foreground = "#666"; - ramp.volume = ["🔈" "🔉" "🔊"]; - click.right = "${pkgs.pavucontrol}/bin/pavucontrol &"; - # format-volume-underline = Base2; - # format-muted-underline = Base2; - }; - "module/i3" = { - type = "internal/i3"; - format = " "; - index-sort = "true"; - wrapping-scroll = "false"; - - #; Only show workspaces on the same output as the bar - pin-workspaces = "true"; - - label-mode-padding = "2"; - label-mode-foreground = "#000"; - label-mode-background = primary_col; - - #; focused = Active workspace on focused monitor - label-focused = "%name%"; - #;label-focused-background = ${colors.background-alt} - #;label-focused-background = #9f78e1 - label-focused-background = foreground_col; - label-focused-underline= foreground_col; - label-focused-foreground = background_col; - label-focused-padding = "2"; - - #; unfocused = 
Inactive workspace on any monitor - label-unfocused = "%name%"; - label-unfocused-padding = "2"; - label-unfocused-underline = foreground_col; - - #; visible = Active workspace on unfocused monitor - label-visible = "%name%"; - label-visible-background = Violet; - label-visible-underline = Yellow; - label-visible-padding = 2; - - #; urgent = Workspace with urgency hint set - label-urgent = "%name%"; - label-urgent-background = alert_col; - label-urgent-foreground = primary_col; - label-urgent-padding = "2"; - - #; Separator in between workspaces - #; label-separator = | - }; - "module/xkeyboard" = { - type = "internal/xkeyboard"; - blacklist-0 = "num lock"; - interval = "5"; - - format-prefix = ''""''; - format-prefix-foreground = foreground_altcol; - format-prefix-underline = secondary_col; - - label-layout = "%layout%"; - label-layout-underline = secondary_col; - - label-indicator-padding = "2"; - label-indicator-margin = "1"; - label-indicator-background = secondary_col; - label-indicator-underline = secondary_col; - }; - "module/wlan" = { - type = "internal/network"; - interface = "wlp0s20f3"; - interval = "3.0"; - - format-connected = " "; - format-connected-underline = "#9f78e1"; - label-connected = "%essid%"; - - ramp-signal-0 = ''"0.0"''; - ramp-signal-1 = ''"0.5"''; - ramp-signal-2 = ''"1.0"''; - ramp-signal-3 = ''"1.0"''; - ramp-signal-4 = ''"1.0"''; - - format-disconnected = ""; - # ;format-disconnected = - #;format-disconnected-underline = ${self.format-connected-underline} - #;label-disconnected = %ifname% disconnected - #;label-disconnected-foreground = ${colors.foreground-alt} - - - ramp-signal-foreground = foreground_altcol; - }; - "module/eth" = { - type = "internal/network"; - interface = "eno1"; - interval = "3.0"; - - format-connected-underline = "#55aa55"; - format-connected = " "; - format-connected-prefix-foreground = foreground_altcol; - label-connected = "%local_ip%"; - - format-disconnected = ""; - format-disconnected-background = 
"#5479b7"; - #;format-disconnected = - #;format-disconnected-underline = ${self.format-connected-underline} - #;label-disconnected = %ifname% disconnected - #;label-disconnected-foreground = ${colors.foreground-alt} - }; - "module/date" = { - type = "internal/date"; - interval = "5"; - - date = ''" %Y-%m-%d"''; - date-alt = ''" %Y-%m-%d"''; - - time = "%H:%M"; - time-alt = "%H:%M:%S"; - - #format-prefix = ""; - #format-prefix-foreground = foreground_altcol; - format-underline = "#0a6cf5"; - - label = "%{A} %date% %time%"; - }; - "module/battery" = { - type = "internal/battery"; - battery = "BAT0"; - adapter = "ADP1"; - full-at = "98"; - - format-charging-background= "#689d6a"; - format-charging-prefix = ''" "''; - format-charging = ""; - format-discharging-prefix = ''" "''; - format-discharging = ""; - format-discharging-background= "#689d6a"; - format-full-prefix = ''" "''; - - format-charging-underline = "#ffaa55"; - format-full-prefix-foreground = foreground_altcol; - format-full-underline = "#ffaa55"; - - ormat-full-padding = "1"; - format-charging-padding = "1"; - format-discharging-padding = "1"; - }; - "module/temperature" = { - type = "internal/temperature"; - thermal-zone = "0"; - warn-temperature = "60"; - - format = "